> As long as a user can run arbitrary code that opens up network ports and sends data to arbitrary destinations, it will be difficult to completely secure a machine. Per-application egress filtering would go a long way to securing this, but I'm not aware of anything available for Linux that allows you to do so.
Um, SE Linux:)
At least it goes a way towards this. Combined with some good iptables rules (possibly dynamic?) you could get a pretty good system.
Executed mail attachments not having access to address book or network, for example.
> So you assert that SELinux fixes trivial security issues...
> I never asserted anything of the kind. SELinux is about implementing access control, which has little if anything to do with enhancing the kind of security being discussed here, i.e., getting root.
But access control is very much related to stopping exploits. A good set of access controls (SELinux or LIDS or RSBAC or the like) means that when, say, apache gets exploited, the attacker can't do any real damage and certainly can't fork a command shell.
It means that when your mail client gets exploited through an attachment type hole, the executed attachment can't access your address book or send mail itself. All good stuff.
It also means that very few programs need to be run as root thus providing even fewer avenues for the attacker to use.
Thus percent achievement is calculated by the formula ((H/BD)/(Expectancy/FF)) * 100 where H is the number of examining hours for the time period being measured (common measurement periods are biweekly, quarterly, annually), BD is the balanced disposal figure counted in the time period, Expectancy is the GS-12 Goal assigned to the examiner based on the art area to which he or she is assigned (the "docket") and FF is the "Feldman Factor" assigned based on Grade and "contact and commitment authority".
> Taking a clue from Photoshop, the Gimp could be made much more user-friendly just by adding a simple window frame around all the controls and sub-windowing all the other windows.
And that's almost exactly why I *like* the Gimp. I let my (carefully chosen to suit my needs) window manager deal with organising them.
Apps that put everything in one parent window really bug me since I have to organise *those* windows separately from all the other apps I have running. And I can't see my other windows when I have one of the app windows in front.
- MugginsM
>> If I install a text editor, I probably don't want it to be able to access the Internet. It should be possible to say, "for this app here, don't let it do anything network related".
> For Windows (sigh), you can use ZoneAlarm (free edition) to do exactly this. It would be nice to have something like that in the Linux kernel.
This is what projects like SELinux and LIDS are addressing. And the LSM in the 2.6.x kernel paves the way for more.
I think the biggest problem is making it "easy to use".
How fine grained do you want the control?
Wouldn't it be nice to be able to say "Mozilla can read and write ~/.mozilla/ and can write to ~/Downloads/, and nothing else" ?
I think the *ability* for Linux to do this is already there, but with near zero interest from the application developers and users, I can't see how it'll ever become something people actually use. Think how many lists of access rules you'd need for a full blown distro. And they might vary depending on the user's needs.
I run LIDS or SELinux occasionally when I get keen about securing my system. But the sheer volume of access details to configure usually tires me out pretty quickly. Mainly because application developers never seem to document the permissions the app needs. Chicken and Egg.
- MugginsM
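An added example, not code from the thread or from any of the projects named in it, for the "for this app here, don't let it do anything network related" case raised in both the SELinux exchange above and this comment. The answers given in the thread are MAC policies (SELinux, LIDS, RSBAC) plus iptables rules; the example below instead uses seccomp-bpf, which arrived in Linux 3.5 (2012) and needs neither root nor a policy file: a small launcher installs a syscall filter on itself and then exec()s the application, which inherits it. The filter refuses socket() for every domain except AF_UNIX, so the program can still talk to X11 or D-Bus over local sockets but cannot create an Internet socket. It assumes x86_64 or aarch64 Linux (syscall numbers and AUDIT_ARCH_* come from the kernel headers); the helper names are the example's own.

```c
/* Added example, not code from the thread: confine one program so it
 * cannot open Internet sockets, using a seccomp-bpf filter (Linux >= 3.5).
 * Helper names are this example's own.  Assumes x86_64 or aarch64. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Classic BPF program the kernel runs on every syscall of the confined
 * process: socket() is refused with EPERM unless the domain is AF_UNIX. */
static struct sock_filter no_inet_filter[] = {
    /* 0: check the syscall ABI first so numbers are not misread (x32 etc.) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    /* 3: load the syscall number; anything but socket() jumps to ALLOW (9) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4),
    /* 5: socket(domain, ...): allow AF_UNIX, refuse every other domain */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    /* 9: everything else is untouched */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter on the calling process: 0 on success, -1 on failure.
 * NO_NEW_PRIVS lets an unprivileged process load a filter and also stops
 * the confined program shedding it through a setuid binary. */
int deny_inet_sockets(void)
{
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(no_inet_filter) / sizeof(no_inet_filter[0])),
        .filter = no_inet_filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Launch argv[] with the filter already in place; the filter survives
 * execve(), so this is the per-application "no network" knob.  Returns the
 * child's pid or -1.  Fails closed: if the filter cannot be installed the
 * program is not started at all. */
pid_t spawn_without_inet(char *const argv[])
{
    pid_t pid = fork();
    if (pid != 0)
        return pid;                     /* parent, or fork() failure (-1) */
    if (deny_inet_sockets() != 0)
        _exit(127);
    execvp(argv[0], argv);
    _exit(127);
}

/* Self-check: fork, confine the child, and see what socket(AF_INET) does.
 *   1 -> refused with EPERM (confinement works)
 *   0 -> socket() succeeded (confinement did NOT work)
 *  -1 -> filter could not be installed; a caller must not run the app */
int probe_inet_confinement(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (deny_inet_sockets() != 0)
            _exit(2);
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0 && errno == EPERM)
            _exit(0);
        if (fd >= 0)
            close(fd);
        _exit(1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 0 ? 1 : code == 1 ? 0 : -1;
}

int main(int argc, char **argv)
{
    int r = probe_inet_confinement();
    printf("socket(AF_INET) under filter: %s\n",
           r == 1 ? "EPERM" : r == 0 ? "ALLOWED (broken)" : "filter unavailable");
    if (argc > 1 && r == 1) {           /* e.g. ./confine /usr/bin/vi notes.txt */
        int st;
        pid_t pid = spawn_without_inet(argv + 1);
        if (pid > 0)
            waitpid(pid, &st, 0);
    }
    return r == 1 ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind. The filter only controls what the confined process can create itself: a cooperating process could still hand it an already-open Internet socket over a Unix socket (SCM_RIGHTS), so the launcher must not leave such descriptors open across the exec. And it says nothing about files, so the "Mozilla can read and write ~/.mozilla/ and ~/Downloads/ and nothing else" half of the wish is still the job of a MAC policy like the SELinux and LIDS rule sets discussed above.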
> Is there a mention in any publications (The Dr. Who Technical Manual, for instance) what software the Dalek's ran?
um, DavrOS?
- Muggins the Mad
> world does not need more than the 4 billion addresses available with IPv4, and I challenge you to come up with an application that requires that many.
It's not really how many there are, it's *where* they are. And the difficulty of getting them assigned is driving people to use NAT instead, which introduces more trouble than it solves.
If you can solve the problem of allocating IPv4 according to need rather than corporate power, get everyone to use the same set of extensions adding features IPv6 has built in (IPsec, QoS, etc), and solve the routing issues behind finding addresses split up into groups of two or three IPs then maybe you have a point.
> Assuming that you can actually come up with one, it could easily be solved with Network Address Translation, or NAT as it is commonly known.
So how do you do VoIP between two users behind NAT?
How do I run a personal website on my desktop if I'm behind NAT?
Sure, IPv6 may have far more addresses than we think we need. But so did IPv4. 32 bits to hold addresses? - we're only ever going to have maybe 50 universities with seven or eight computers each on the internet!
- Muggins
> Write a shell script to beep your pc speaker continually for 10 minutes after this time, it should proceed to rm -rf / *
Great until you stay the night at a friends place.
- Muggins the Mad
Gentoo.
(or any from-source system)
I find applications still need a lot more speed too. And it's not just inefficient coding I think. Detecting and removing most of the spam from my mailbox takes my mail filters about 2 minutes a day, seemingly regardless of the mail client I use.
Virus scanners (and possibly other security methods) are still a big slow down. And I can't see things improving on that front.
- Muggins the Mad
> i'm really sorry to disagree with you, but there is no such concept as truth in science.
Well, there is in mathematics and logic, but I guess that's only mildly related.
Truth is the very foundation that science is built on. The idea that there is an objective Way Things Are that we can learn about. You might not be able to scientifically prove that theory A is true, but you can certainly prove that theory B is false. And so you move towards the absolute truth. Sure, we may never get there, but as long as we stick to the method (Popper style), we'll move closer. And learn.
> what truth is there in the statement that the table is solid?
But that's only revealed that we haven't defined "solid" very well. It becomes a language argument. "What do we mean by solid?".
We've uncovered the falsity that "feels solid to our hand" is the same thing as "matter with no spaces in it". So now we know they're different.
- Muggins the Mad
> i can assure you that many scientists are *huge* bigots, religiously debating their point of view, whether it is based on fact or not. many people do not like to be told they are wrong ;)
While I agree with this - we're all only human after all, this is where *science* comes in. The scientific method gives us a way to find the truth regardless of people's emotions, habits, or invisible friends.
Sure, it doesn't help stop the policy makers from supporting their own pet theory, but if their theory is wrong, then their opponents actually can prove it.
- Muggins the Mad
> The mortality rate goes down, and suddenly we have even more of a population problem than we started with.
Or alternatively while the mortality rate goes down, the number of people sick enough that society has to support them also goes down...
- Muggins the Mad
As someone who also develops examination software, and who is doing academic research into computer security, I have to say that this is a ridiculous idea. Aside from requiring people to have specific hardware and purchase specific (pricey, but I guess they're law students...) software, the security issues here are horrendous.
The *only* ways to do this kind of thing is either have the software running on trusted hardware like a previously set up computer lab, or run the software on a trusted server and give the *untrusted* clients only a thin-client (citrix/ts/vnc/web browser). AND you have to have someone supervising them to make sure they've smuggled no notes in and aren't cut'n'pasting from another app.
Surely a law school, of all places, would have someone who knows a bit about information security on staff?
This software looks like exactly the kind of product developed by someone with no security training outside Microsoft's VB tutorials.
Exactly the kind of software not to use for anything important - and Exams at Law School are important - there is a huge amount of money and future careers involved.
- Muggins the Mad
> Turning down that dark alley is just one click away on the internet.
Except, of course, it's very difficult to get mugged or raped while sitting on a chair at home.
- MugginsM
How is this kind of situation any different from when a stolen car is used to commit a crime?
Your car being used in a getaway may make you the first stop for Mr Nice Policeman, but should you be charged for not securing your car well enough that it was stolen that morning?
Should you be presumed guilty (as an accomplice, perhaps?) automatically if you can't prove that your car was stolen?
Sometimes "high-tech" problems are very similar to old familiar ones.
- Muggins the Mad
> If viewing ads is spending a currency you don't want to spend, why are you not a subscriber?
I am in other places, but slashdot quality is much too sporadic. I'd much rather have micropayments and pay when there's something interesting to read.
- Colin
> The most important point, IMO, is that there are cognitive costs associated with the decision about whether or not to make a purchase that don't go away as dollar amounts decrease.
Which is a good argument, IMHO. However, aren't there very similar costs in viewing an advert?
- MugginsM
> It doesn't fix the fact that most people don't want to pay for internet content in any way, shape or form.
I think it all comes down to whether there are enough people who don't mind paying for good content to support the creators.
I'm one of them, and while most of the content under BitPass at the moment isn't really my thing, a lot of it's certainly of high quality and well worth paying for.
And to me, viewing ads *is* paying. In a currency I don't want to spend.
- MugginsM
> My wife brought up a good point: if the DVD(s) will be stocked with so many "extra features", how much of an effect will that have on getting people to see the movie? Why bother going at all?
Because some of us don't have 20ft wide TV screens and high quality sound systems.
- MugginsM
Aside from missing most of the action scenes (stop bloody using strobes everywhere people! Not cool for some of us!), I really enjoyed Revolutions.
All time great, wonderful movie? No.
Best acting I've ever seen? Nope.
Some Really Bad Science? Certainly.
Fun, action filled adventure with a bit of tension, a bit of fun philosophy, and some over the top in a fun kind of way special effects? Sure.
But then, I thought similarly about the first one.
- Muggins the Mad
> The only way this feature can do that is if you're writing small files continuously. That's very strange software behavior, and perhaps a worst case for this optimizer. Why would you be doing that?
Sounds like compiling to me. Typical usage for a developer.
- Muggins the Mad
> Anyway, the techniques I described use max-width and an IE specific technique to accomplish the same in the CSS, which means that, unlike ALA, you can always narrow the window as much as you'd like
Yes, but can you *increase* the width?
Many web sites appear as a tiny little box in the corner of my screen these days. 600 pixels wide is *small*. Thanks to decent web browsers I can increase the size of the fonts to a readable size, but often end up with paragraphs two or three words wide, which are really difficult to read!
Is it really too much to expect users to have their browser window a size and shape that they find comfortable? I mean, really?
Do newspapers come with torches because people might try and read them in bad light?
Are TV programs made to occupy only half the screen because the viewer might be using a projector and find the picture too big?
- MugginsM
>> Its your own damn fault if you use Outlook
> Is it the driver's fault for using a car that explodes when rear-ended?
It is if there had been 15 years worth of regular news articles about that make of car exploding in accidents.
- Muggins the Mad
> the story on shacknews for example on how valve got trojaned..
> why on earth did they keep using software they knew was susceptible to be trojaned?
To me, this is the place responsibility needs to lie. It's the people who choose systems that are *known* to be bad for important things. Find the forces that "made" them use Outlook and there is a first line of blame.
If a power plant uses MS Windows or Linux for a critical system and it blows up, it's the person who made that call who should be held mostly responsible due to negligence.
If manufacturers are making claims that their systems are secure, or are useable for critical work, then that's probably a case of false advertising and should be dealt with as such.
Valve should be looking to see if its own staff were negligent first. Who was responsible for choosing a known bad, internet connected, system for storing very important data?
Just the same as if I left a printout of the source code in the local pub by accident. If it was an Outlook exploit, then I don't see this as any different fundamentally.
If you have a multi-million dollar asset, you should put some effort into protecting it. Not blame HP for letting you print it out and leave it in the pub.
If I was working on the source for Doom 4, you can be damned sure I wouldn't keep it on my internet connected debian box.
- Muggins the Mad
Maybe someone should patent this.
- Muggins the Mad

> Can someone provide some concrete examples of problems this causes?
Well for me, for example, when I mistype a URL, I no longer get an error message almost instantly. I have to wait several seconds (sometimes 10 to 30 - yay modems) to discover that I haven't actually reached the page I wanted.
A few times a day and this gets close to the amount of my time and resources that get wasted by spammers.
I also get ads thrust in my face, which I consider to be extremely rude and quite costly to myself.
Multiply that by the number of people this affects and you start to get costs up there with the costs of damage of viruses and spammers.
- Muggins the Mad