Slashdot Mirror


User: Tony-A

Tony-A's activity in the archive.

Stories: 0
Comments: 3,584

Comments · 3,584

  1. Re:Myth: Linux is more secure than Windows NT. on Looking Back At Windows Security In 2003 · · Score: 1

    In contrast, every object in Windows NT, from files to operating system data structures, has an access control list and its use can be regulated as appropriate.

    Sounds like an administrative nightmare. Enough of a nightmare that many programs require administrator access to function.

    Linux system administrators must spend huge amounts of time understanding the latest Linux bugs and determining what to do about them.

    Piddle. There are a few that require a bit of understanding, but mostly the bugs are irrelevant or readily worked around. At least with Linux it is possible to understand what is going on. With Microsoft Windows all you can do is trace through running exploit code.

  2. Re:Biggest problem with windows security on Looking Back At Windows Security In 2003 · · Score: 1

    I'm still looking for a patch for the W32.Clueless.User worm. It seems no matter how restrictive the firewall, this little blighter can get in.

    The more restrictive the firewall, the safer the clueless users feel. It is a false sense of security.

    You'll have much better luck if you use the firewall to protect the internet from your users.

  3. Re:Should I patch? on Looking Back At Windows Security In 2003 · · Score: 2, Insightful

    If you're going to discuss Windows security, for god's sake at least do it with a version of Windows designed to be at least somewhat secure

    You're missing the point.
    The more secure Microsoft Windows is the old unpatched "insecure" Windows.
    That says something about how effective Microsoft has (NOT) been with its security endeavors.

  4. Re:Wow on Anatman, Pumpkin Seed, Algorithm · · Score: 1

    Methinks it's a very deep comparison.
    Both coding and poetry are about creating an expression with certain structural limitations.
    Both coding and poetry implicitly define those structural limitations. By following them.
    Both coding and poetry will suffer from too many words and too little poetry.
    Both coding and poetry are much better if the whole is greater than the sum of its parts.
    Both coding and poetry have meaning on multiple levels.

  5. Re:What makes UNIX users are so smart on Anatman, Pumpkin Seed, Algorithm · · Score: 1

    Name one of those things you can do with NT that you can't do with Unix.

    Microsoft Worms

  6. Re:What makes UNIX users are so smart on Anatman, Pumpkin Seed, Algorithm · · Score: 1

    "The common thread was wordsmithing; a suspiciously high proportion of my UNIX colleagues had already developed, in some prior career, a comfort and fluency with text and printed words. They were adept readers and writers, and UNIX played handily to those strengths."

    Hmmmm, seems to explain why "Unix hacker" is so right a terminology.
    It has more in common with a screenwriter hacking a script for a sit-com.
    No wonder the media "doesn't get it."

  7. Re:I think we'll start to see more of this on City Of Austin Migrating To OpenOffice.org · · Score: 1

    Support is like insurance. It's something you want to have, not something you want to use.
    The curious thing is that Sun's support of Open Office will make Sun's Star Office more attractive to corporations.

  8. Re:Myth # 9 on Myths About Open Source Development · · Score: 1

    Thank you! You're right of course.

    I got a chuckle out of "send one of their less assertive employees".
    It does happen in real life, when the problem does have to be solved. But it's not my decision to make. It's my boss's boss or higher that has to make that kind of decision. It's not cheap and it's not nearly as effective as it should be.

    The real advantage of Open Source is that it's much less like doing watch repair wearing mittens.

  9. Re:Code reuse... on Myths About Open Source Development · · Score: 1

    The proverbial "reinvention of the wheel" is not really reinvention.

    The wheel as implemented does not start with a perfect wheel to which assorted stuff is tacked on. The wheel as implemented starts with something cobbled together which bears some resemblance to a wheel, quite possibly with no knowledge of wheels. It's only with lots of time and lots of effort that the essence of wheel can emerge from the cobbled-together messes.

    After a half dozen linked list implementations, you probably have a much better understanding of what a linked list is than when you started. For all I know, the attempts at implementation may well be the easiest way to get at that understanding.

    There is much that is non-trivial about making a perfect ball bearing.

  10. Re:Myth # 9 on Myths About Open Source Development · · Score: 4, Interesting

    It is a myth that since you have thousands of users you have thousands of eyes looking at the code.

    Myth: Thousands of users are looking at the code.
    Not Myth: Thousands of users could be looking at the code.

    Not Myth: It's that one out of thousands that because (s)he can when (s)he needs to and thereby does that matters. No silver bullet, but it improves the odds drastically.

    Personally, mostly I wouldn't bother looking. But IF for some reason, what and how I'm doing something exposes an interesting bug, I will be looking to see "how come", code included.

    You do forensic analysis on the airplanes that crash, to see "how come". You don't scrutinize the ones that are flying with the same severity. Aircraft safety would be much worse if aircraft designers could not obtain any information about crashed airplanes. (Part of the closed-source scenario. The developers do not have access to information about crashed applications. No I am not going to ship my servers, users, configurations and proprietary data to some vendor so that they can maybe get to something in a few months.)

  11. Re:Myth # 9 on Myths About Open Source Development · · Score: 3, Insightful

    I can duplicate the bug. I have sent it to the company I bought the software from and I still do not have a fix.

    You can duplicate the bug. You do not have the source.
    They have the sources. Their setup can easily be so that they cannot duplicate the bug.

    There is also the strong possibility that fixing that bug just moves the bug-covering and by closing off one bug it lets a bunch of other bugs loose on the unsuspecting victims.

    There is also the messy problem of tracking and propagating the fix. I'm an old fart, so bear with me on the manual drafting analogy. If a drawing is missing a line, you can't just go into the filing drawers, pull the drawing, add the line, put it back and be finished with it.

    This is why methinks Open Source will ultimately win. Not (just) on the low-end, low-budget side, but more importantly on the high-end, high budget side.
    If the fix fixes one bug that you care about and exposes ten bugs you do not care about, it is a good fix. For you. It is of course to your advantage that that fix, minus any assorted buglets that you do not care about, makes it into the general stream. In the meantime, you have something that is almost as good.

    The net effect seems to be that Open Source gets almost another nine, almost for free. It's not a magic bullet, but it's a very cheap and effective way to approximate reliability that would otherwise be prohibitively expensive.

  12. Re:Do you honestly believe that? on Linguistics Meets Linux: A Review of Morphix-NLP · · Score: 1

    But odds are it is possible (from the correct perspective) to express them in plain English, to a preschooler.
    Methinks you're right, but getting that perspective is not going to be easy. I have seen (algebraic topology) an arbitrary dimension generalization of Green's and Stokes' theorems expressed in four symbols. I didn't really understand it then and I sure don't remember it well now ;-(, but if you have the right machinery in place, some things are an awful lot easier.
    Long division of Roman numerals is doable, but somehow I doubt that the Romans ever did it. Algebraic division of polynomials and it can be ground out.

  13. Re:It does bother me! on Microsoft Wins HTML App Patent · · Score: 1

    Ok, I will repeat it.
    The plural of virus is Microsoft.

  14. Re:Exploits from patch announcements? on Microsoft: Patches, Patches Everywhere! · · Score: 1

    I dunno about the black hats, but if I were one and I had a nice juicy exploit, I would be keeping very quiet about it. So that the exploit would still be working when I wanted/needed it.

    Compared to what have to be the real threats, worms coming from reverse-engineering vulnerability patches have to be at most minor nuisances.

    Seems there's something about the worst threat to security being a false sense of security.

  15. Re:Stupid for desktop/home users on Microsoft: Patches, Patches Everywhere! · · Score: 1

    In any battle situation I would love to have my enemy be predictable.

  16. Re:Monthly patches? on Microsoft: Patches, Patches Everywhere! · · Score: 1

    Security 001
    It's extremely difficult to breach a door or window that isn't there.

    It is an extreme breach of security to install a semi-patched service where there previously was no such service.
    It is an extreme breach of security to quietly install any such service.

    Passwords on post-it notes or under keyboards (personally I prefer the TOP of keyboards) are relatively a non-threat to security.

  17. Re:Monthly patches? on Microsoft: Patches, Patches Everywhere! · · Score: 1

    same old saw about 'many small tools' on UNIX

    IMNSHO UNIX has survived and outlasted its betters precisely because of that old saw. This doesn't mean that everything on a UNIX system is a small tool. UNIX, and its ubiquitous small tools, makes a reasonably strong foundation upon which to build elaborate contraptions and NOT have them collapse of their own dead weight.

  18. It does bother me! on Microsoft Wins HTML App Patent · · Score: 5, Interesting

    It sounds too much like Microsoft now has a patent on viruses.

  19. Re:when will it stop on British Health System Looks at Linux · · Score: 1

    any ideas?
    Get 2 monitors and 2 computers.
    Do the obvious switch back and forth.
    For more fun, also switch the keyboards and mouses.

  20. Re:Trading has its risks on Computer Glitch Causes Havoc and Losses on Nasdaq · · Score: 1

    For example, you can't as a company say I'm going to sell you a car but I'm not liable if it doesn't run.
    Seems like junk yards do it with no problems.

  21. Re:All this bad news. on Gentoo rsync Server Compromised [updated] · · Score: 1

    A conspiracy theorist could have a field day..

    Ok, I'll bite.
    Looks like someone (or more than one someone) is turning up the heat.
    Seems like there has been a bit of alternation between Open Source and Microsoft. It will be interesting to see how well Microsoft copes with the next malware aimed against Microsoft.

    Backup early. Backup often.

  22. Re:Sure, your bank account first on Real Security? · · Score: 1

    Finally, somebody gets it.
    Breaking security should be just a bit more trouble than it's worth.
    Staying within security should be easier than breaking outside of it.
    To have something secured does not mean you need to have everything secured.

  23. Re:OK... good on Using the Real ntfs.sys Driver Under Linux · · Score: 1

    It is absolutely normal in this day and age, even without open source, to need to read and write foreign file systems.

    From an old fart, it seems like it has always been essential, at least if you don't want to create a disaster on any kind of conversion project.

    Methinks that may well be the primary reason that governments are starting to switch to open source solutions. Their data needs to be readable for decades. (if not forever;)

  24. Re:I'm not sure if we'll see it in knoppix on Using the Real ntfs.sys Driver Under Linux · · Score: 1

    FAT32 only allows files up to 2 GB each

    You're thinking FAT16 (DOS/WIN95/NT compatible)
    FAT32 is unreadable by DOS, NT, WIN95 (later versions of 95 might)
    FAT32 is readable by WIN98, 2000, XP and of course by any recent Linux (and I would assume BSD)

  25. Re:A shift of focus on Kernel Exploit Cause Of Debian Compromise · · Score: 1

    DRM sounds like a wonderful security measure. For an astute attacker, that is.

    Imagine a chink is finally found in the armor. You know it. He knows it. But he can't move and so is thereby forced to remain vulnerable when a trivial patch would be sufficient to solve the problem.

    Realistically, methinks your main adversary is Mother Nature. Without the ability to quickly patch to handle unforeseen emergencies, life expectancy is severely shortened.