Firefox can be the mostest secure webbrowser evar tomorrow if it wants. Just include the "su"/"runas" functionality to drop down to a non-privileged user on startup. With, say, read/write permissions to only its own directory. Done. Anyone want to add this feature request to bugzilla, or is it already in there?
This is much harder to achieve with respect to internet explorer, because it's more deeply entrenched in the operating system. Its HTML control (the actual renderer) is used in zillions of places where it shouldn't be, like in outlook (express) to render e-mail.
You need to run internet explorer as an administrator to use (manual) windows update! How lame is that?
"Lookey here! It looks like we've stumbled across a scriptkiddie! D'ya reckon it's a fella or a sheila? These are yung 'uns, and it's hard to tell. I've gotta be really careful, or it'll BITE me!"
Anyone know an internet translator that supports Norwegian? Or even a Norwegian? It would be nice to have a translation so we don't have to sit around making uninformed comments about what we can't understand...
I think "Jeg vil rette en advarsel til alle dere som skal ut å handle kontrollere etter dette. Sjekk_nøye_om kontrolleren er støttet av kjernen! " speaks for itself.
Honestly, what do these companies think that people buy phones for?
To make them a profit. If you want no-frills, buy a low-end phone and get a no-frills plan at reduced rates. Since most people are crap at budgeting, and suckers for shiny things that blink, they get their phones with a plan (and a hefty handset subsidy).
This is what drives telcos to want to recoup ever more money, so they tell the manufacturers to build in more billable features, driving up prices, which in turn drives up handset subsidies, which drives up the demand (on the telcos' part) for more billable services.
If you want it to stop, stop people buying phones on credit supplied by the telcos.
I, for one, have an iMate/XDA/MDA 2 with a 2-year plan. So there.
All this video-over-widerange-wireless stuff makes me wonder though - what are the long-term limits of wireless data transfer over large areas? I anticipate (article was more early marketing than real info) that users of this service will not be getting a high-resolution image on their cell phone, and what they get will likely jam with any signal interference, but it won't be too long until competition pushes for higher resolution, more video buffer, etc.
You may have heard of this thing called "satellite television".
Sounds great.. Until you think about migrating applications; all those nifty stored procedures, never mind c or java tie-ins. The winners still have a long list of unmapped functions that aren't converted.
So, to what extent are these apps actually ready for the limelight, and to what extent did CA just choose a date to give away some money to grab some "free" publicity?
Also, it reflects quite poorly on all the databases (Oracle, DB2, and Ingres itself) that you *need* tools like this. If they could only have figured out how to stick to standards (or *jointly* come up with new, open standards) none of this would be necessary..
For those clamoring for stats:
http://www.csmonitor.com/2003/0818/p02s01-usju.html
If current trends continue, it means that a black male in the United States would have about a 1 in 3 chance of going to prison during his lifetime. For a Hispanic male, it's 1 in 6; for a white male, 1 in 17.
An estimated 4,299,000 former prisoners are still alive..By 2010, the number of American residents in prison or with prison experience is expected to jump to 7.7 million, or 3.4 percent of all adults, according to the new report.
And that's probably just people who went to prison; that doesn't include people who were only fined for a felony and/or received a suspended sentence and/or did community service, and perhaps even excludes people who went to jail rather than prison.
Not 1-in-5, but even for white males, uncomfortably close.
Registry.
Well-behaved apps don't abuse the registry to such an extent you need to add keys before using a newer version. Even badly behaved apps won't balk if you just use a .reg to add some entries - just use a registry compare tool to see the differences when an app is upgraded.
Hand-rolled MSIs aren't much more than a registry and filesystem diff. Usually, the former is not even needed.
The 5 is just a bit heavy and largish though. The revo fixed all that, and both had EPOC32's great user interface (far better than windows mobile or in fact the symbian-based OSes from Ericsson and Nokia).
Also, mine is broken.
So I have a PDA with builtin GSM/GPRS phone, the XDA-II.. Quite nice, but would have been nicer had it been a psion..
Too bad, Psion really could have made it work, in its time it had more software and developers than even Palm (mostly because the thing came with a scripting language).
I mean, really, what's the deal here? Most apps can be easily kept up to date by an easy-peasy daily xcopy command. What's up with all this "enterprise management" bullcrap? An application is a bunch of files, they change, you copy the new version over them.
Just because this won't work for spectacularly ill designed applications such as the likes of internet explorer doesn't mean you should become a drooling idiot if an app doesn't come with an MSI or a SUS server.
I mean fer cryin out loud, on most well-managed LANs you can run firefox off of a shared folder on the network and no-one'd notice..
But then I guess adding a little batch file that uses xcopy to "check for updates" to your clients' shortcuts is HARD. It doesn't come with a click-and-drool interface suitable for monkeys, does it? *sigh*
The patents were filed March 18, 2004 and June 16, 2004. Obviously tons of prior art exists. Oh wait! It is the US we are talking about, the country where tons of obvious prior art does not matter, the US patent office has time and time again demonstrated that it only cares who gives them the biggest pile of money.
Actually, patenting this sort of stuff is genius. Now only Macrovision will be allowed to try and spoof hashes, etc. So P2P freedom fighters need only bankrupt/hijack 1 corporation!
We should think up more attacks and patent them immediately - anyone uses them gets sued! Don't forget the obvious ones like "restricting access to telephony over IP by port-filtering"..
Your analogy is flawed. Artists have never had a right to prevent you from looking at their work in a certain way. Painters can't stop the colorblind or those wearing sunglasses from looking at their paintings. Anyone can skip entire chapters when reading a book. I can play Beethoven and Britney Spears at the same time if I please.
What I do with those works in the privacy of my own home is my business. I might just prefer it that way, and there's nothing you can do about it.
Artists do have recourse against people redistributing altered ("raped") works, but that is also limited.
In the case of greasemonkey, it's just a tool you use to view the web; other people might use other tools, like lynx for example, which renders a page completely differently from firefox or internet explorer. It's personal use. So lay off of it.
Browsers are like cheerleaders. They're popular, and they might say they use protection, but you'd better know they get around.
For example, 5000 years ago a man who had a faulty liver would most likely die and his genetic line might die with him. Today, a man with a faulty liver spends a couple of days in a hospital and is able to continue his genetic line. So in essence, science has outsmarted evolution. Survival of the fittest doesn't apply when everyone survives.
A few observations
1) in the course of 5000 years, not much has changed in mankind's genetic make-up anyway - evolution takes more than 5000 years to accomplish significant changes.
2) there will always be incurable diseases, or at least diseases that would prevent someone from procreating
3) likewise, there will always be non-medical causes for non-procreation; it's still survival of the fittest, but the fitness criteria are externalized.
For an example of 3, simply look at the birthrates for different genders in China; its one-child policy has resulted in a lot more families that have a single son. Not because sperm carrying the Y chromosome suddenly became wildly more successful in reaching the ovary, but because parents place such high social significance on having a son that, being allowed only one child, they kill off their female first-born to have another try.
Single parents are still an exception to the rule; because it's hard to raise a child on (the lack of) a single income. Single people are less likely to procreate. So, if people who fail to attract a partner share genetic traits, these traits will have a disadvantage, and may disappear, whatever these traits may be (congenital ugliness, genetic propensity to not holding a job such as low IQ, psychological illness, etc.)
Now, in 5000 years, I'd expect people to look much like they do today, though a lot more people will be of mixed race, they won't suddenly have 3 arms. But in a million years? Who knows? Perhaps some people will even have certain mutated enzymes that can actually digest McDonald's food.
The most likely outcome of future human evolution might be something like Kornbluth's "Marching Morons." Over the next few centuries, the average IQ of the human race will drop to 60-70.
And this has not yet happened?
I suppose the power only comes on once a month?
I think those pushing for digital radio are overlooking the key advantages that analog radio has -- simple equipment, and a massive installed base.
On the other hand, digital radio has distinct advantages, especially in moving vehicles. Even when using RDS/EON to track the best frequency to receive a station on, the frequency switches are audible on analog. Digital doesn't care that the signal is fading, it either works or doesn't, and if it works, the sound is always the same volume. Getting good reception out of digital with simple, low-quality components is a lot easier than building an analog set that filters out all those analog hisses and pops and whatnots. You just need to build a checksum, do some error correction, and if you can't recover the frame, drop in some silence.
I'd much prefer this over the upsetting noises my car radio can sometimes scare me with when driving (especially crosstalk from other stations when crossing bridges).
NTFS permissions are great! But they're not being used.
Does the default user on Windows XP Home edition run as Administrator? Yes. Do the default users on Linux or even user-friendly Mac OS/X run as root? No.
It doesn't matter how fine-grained your permissions get as long as everybody's essentially root.
FWIW, ACLs are available on linux, a quick google on ACLs linux renders "The new Linux 2.6 kernel supports ACLs for EXT2, EXT3, XFS, JFS, and ReiserFS." not bad. Then, there are also multiple projects that support mandatory access controls on linux, such as LIDS or SELinux.
"Viruses exploit a flaw in the security model of the OS."
No, they don't. Worms and trojans frequently exploit holes in the OS, but traditional viruses work by modifying executables. Unless we disable the ability to write to the disk (or disable the ability to execute code), viruses aren't going away.
This disabling of writing to disk or disabling programs to execute exists. In fact, it can be even more fine-grained; for example a certain "user" can be stripped of his "administrator" privileges so that he can't write to executables. Likewise, executables can lack "privileges" to execute certain harmful code.
These magical methods used to tighten holes in the OS are known as "having a real security model", namely one "whereby you don't log in as administrator all the time, like in linux or even mac os/x".
Insightful, my ass.
"CNet is reporting that both the House and Senate are planning to review the 16 portions of the Patriot Act that are set to expire at the end of the year"
How can they review something they didn't even read in the first place!?
Does every story have to have someone complaining about the slashdot editors??
The way things are now, the air interface doesn't matter much; for things like data, TCP/IP is the standard, whether it be over GPRS, 802.11b/g, 3G/EDGE or whatever.
SMS and call-setup is usually handled by device-specific AT-commands to a virtual COM-port.
Seeing as this is essentially an embedded market, i.e. the OS comes with the device and you won't be replacing it with an upgrade that's provided by anybody else than the hardware supplier, this is really a non-issue.
It's more troubling that most all hardware is produced by the same company; High Technology Corporation of Taiwan (HTC). They make iPaqs, XDA/iMate, basically almost all MS smartphones, Palm Treos etc. The only real competitors are Nokia and SonyEricsson.
The problem with all these platforms is that they pretty much suck. They're nowhere near as user-friendly as the ancient epoc32 platform that symbian had developed for their psion 5. PDA sales are mostly driven by GPS-PDA combos that come with navigation software that basically is a GUI unto its own, not relying on the underlying OS for many widgets or functionality. The functionality provided by Microsoft "smartphones" is not that much more than bog standard calendaring etc. No need to have a mobile OS for that; especially Nokia has been bunging a tiny calendar on every handset they produce for years.
I swear one night I saw a group of people standing on their shoulders, rotating a speed camera around 90 degrees. Nobody in the police actually realised it had been rotated for a few months...
I presume they were tipped off by the Royal AirForce's complaints about their jets being ticketed for speeding.
I wonder (not really.. it wouldn't require many updates) why Symantec and those guys don't sell a windows-hardening kit.. Even if you "need" to run as an Administrator all the time to play games, surely it would be trivial to make a shell around Iexplore.exe that makes it run as a very restricted user that can only read&write its own homedirectory? And so on and so forth for lots of other nasty applications that don't actually need administrator rights.
If you want to use code, abide by the license or renegotiate. That's the same as for proprietary code.
What WON'T happen is that a judge will step in and force you to publish your source code because you included GPL'ed code. THIS is the fallacious argument.
A judge will only force you to pay damages. It's up to the corporation to decide whether to pay damages, or to release the code. If releasing the code is less costly, this is an additional escape the GPL provides that you DON'T have with proprietary code.
So even if you illegally sneak GPL code into your product and are caught, GPL code is more benign than proprietary code since it gives you more options.
Not quite as ideally risk-free as BSD-licensed or public domain code, but better than proprietary nonetheless.
What are the best practices for managing Websites for Open Source projects, where the developers are dispersed throughout the globe? For our project there is NO central office where we can secure the password for the downloads Website. Who should have possession of the password? Multiple people, or just the project manager? What Password Escrow (recovery) techniques can be used, in case the password holder is not available? Who should be allowed to upload the build? Currently one person handles the uploads, but I think that is surely a single point of failure. Any thoughts/ideas?