Re: not called "easy to use" because... on Security and Usability · Score: 4, Insightful
security != easy.
But security doesn't have to be hard, either. Look at desktop firewalls. I last looked at them (Zone, Sygate, Symantec) maybe two years ago, so perhaps they have gotten better, but users install it and all of a sudden they get a bunch of pop-ups asking if this or that can access the internet and do you want to let it. No context, no explanation, you're lucky if you can get the file path. So users start saying yes and pretty soon, that desktop firewall is Swiss cheese. Couldn't the vendors have at least profiled Windows services and common applications and told the user something like "The Windows Messenger service is trying to listen for connections. If you're a home user, you probably don't need this, so say No. If you're a company user, ask your IT staff if you need it." rather than some long path? That's usability.
What about all the vendors selling home internet firewalls? Most home users don't need a firewall, they need a NAPT router. If they are running games or an on-line service, then perhaps they need to port forward, but all the rest of that stuff is cruft. But for $50 more you can get a stateful firewall. You don't need it, but you can get it.
These are examples of making the deployment of security needlessly complex. Oh, and it gets no better in enterprise security.
There is a lot that could be done to make security easier to deploy while still being robust.
The US Post Office won't accept credit cards that are not signed regardless of the ID you are carrying and they have a big sign that states that in the Post Office. That is the only place that I have ever had a card turned away for not being signed.
everyone had already installed many of the GNU tools because they were more powerful than the system ones
Ack. My bad. I should have said more GNU-like. They are more powerful tools than what ships with Solaris and I am also used to them, which certainly helps.
1) perl
2) expect
3) wget
4) lsof
5) grep
6) lynx
7) ssh
8) emacs (I just know it better than VI)
9) bash
10) screen
With those things running, I can pretty much do what I need. I have even installed them on slowlaris machines to make them more Linux-like.
Kids, read the entire blog. It's a piece of DRM software that hides itself.
Mark doesn't say whether it opens a backdoor or does anything nefarious other than hide.
I agree that it sucks and is a bad move by Sony, but I have seen other pieces of DRM. A recently purchased Dave Matthews CD, I think Stand-Up, used some piece of shit driver on the CD that installed a CDROM shim when auto-play activated. I didn't read the case before I bought it where there was mention of DRM software on the CD (otherwise I wouldn't have bought it), but the warning was there in little type.
Thought-pieces, retrospectives, discussion of long-term trends, etc. don't depend as much on timely, up-to-the-minute news.
Yeah, the problem is with something like baseball, something is always going on during the season, so these evergreen blogs won't really work.
What I don't get from some of the responses on /. is the vitriolic response to someone explaining that creating quality content is hard. Come on, when you put up a blog, you want people to read it, to come back and keep reading it. You want the blog to be popular. If readers stop reading, there is no reason to keep writing. (No, writing for writing's sake is not all that satisfying.) Here is one guy's account of what happened. They obviously built an audience and felt an obligation to turn out the best content they could.
Instead of busting their chops and calling them whiners (which he wasn't doing anyway) just take note that there are PEOPLE behind those pixels.
Kodak around all the time, it was too big, and carrying it AND an iPod AND a phone AND a wallet is uncomfortable
You don't have to carry all that stuff in your back pocket, yah know. :)
I love the crappy camera on my Treo 600. It's a fun toy and good for getting that quick snap. If I want to take "quality" pictures, I break out my Nikon FM3 35mm camera.
Not of small towns necessarily, but of regions and states, sure. I have been using a Garmin GPSMap 76 with their Mapsource software and while it is good for trip planning and the occasional re-routing, it takes forethought to load the maps and really doesn't give a good overview of where you are, where you are going, and where you will be.
Paper maps are extremely useful if you're lost and trying to figure out how to get back to where you need to be. Now you can say with a GPS, you never get lost because you always know where you are (and let's just assume you don't lose signal), that is true. But to get back to where you want to go via roads, not as the crow flies typically means. Zoom out to see where you are and try to figure out where you need to be. Try to mouse over roads to get names (which by the way are often route numbers when locally they are named and vice versa and I have seen this on Mapsource, Streets and Maps, Google, and other mapping applications (is other mapping software better?)), zoom in to get better pointer resolution, zoom to get context again, set way points, zoom in... Well, you get the idea.
Granted the GPSMap 76 wasn't designed to be a guide by wire mapping product, but it does a nice job and has gotten me out of a few jams.
If someone told me I had to make a choice between paper maps and electronic ones for the rest of my life, today, I would go with paper. They are more reliable on so many levels and usable. Besides, they are fun to toss out the window when you get more lost using them.
Just because he registered sex.com to take advantage of a profitable opportunity doesn't mean he can't be a victim. He didn't try to squat (in this case) on what might be a trademarked name just to squeeze money from a corporation. He registered a name with the intent to make money. Nothing wrong with that.
That someone else took it and that NSI refused to admit their mistake and make it right makes him a victim.
I'm just trying to figure out why they would leave out the creation of virtual machines,
M-o-n-e-y. Being able to play back a VM is really cool, but they will make their money off selling workstation, GSX, ESX, etc. This is a great way to distribute demo software. Think about it, Knoppix and other bootable Linux's are useful, but I don't use them for the same reason I don't dual boot. I want to run both Windows AND Linux at the same time. I can do that with VMWare.
I don't care about the price. I care about buying something I want, and I will when they see fit to release it.
Actually you have already admitted you will commit a criminal act to get what you want, when you want it. Rather than waiting for when they release it in the format they release it. So tell me, how is that electronic copy going to look on your bookshelf?
No kidding. They will use information collected about users to target advertising.
That is the price you pay to use their free email service, search service, desktop, etc. As long as they keep that private information within Google, then fine.
Looks like I will be RTFPP tonight.
Spoken like a true non-parent. As a step parent I can tell you it is very, very difficult to balance giving kids the trust they need to grow up to be healthy adults and micro-managing their every move.
Yes, parents should be responsible and put the computer where they can see what the kids are doing. But let's face it, some of these scum bags talk a pretty convincing game and it's easy to see how kids, who are generally none too savvy, would fall for sweet talk. And let's face it, kids do stupid, rotten things sometimes even with the best of parents.
Now, closing chat rooms to minors is not THE answer, but it does help. Just like play dates don't help kids stay safe, but it helps.
Lasers, underwater? Not even an option. Diffraction and scattering would kill laser power. Besides, current sonar techniques can't pinpoint a sound source that closely. When you're fired upon, about the only thing you know is where the torpedo is and what direction it is heading. In the two minutes or so that you have left, the captain has to evade a weapon that travels faster--much faster, than a sub.
Who cares? Fish vs. people, and not in an abstract, "this could hurt the environment long term, for mere economic benefit" way. Either a few fish will die, or a ship full of hundreds or thousands of sailors could be damaged or destroyed.
maybe 100 to 150 sailors onna boat, sport. Not hundreds or 1000's. How big do you think these things are?
Next, who cares about the fish? Let's just say this could be one more nail in the coffin of an environment we have barely explored but we have dumped oil, sludge, garbage, radioactive waste and a sundry other pollutants. Fished the most popular fish to near extinction which in turn affects the entire food chain up and down.
Now, a bit o' reality. There is no threat to combat. Let's see, the Soviet navy is pretty much kaput and those commies are America's friends anyway, right? Neither the Chinese nor Koreans have a navy to talk about. So what is the threat?
Finally, I don't care how directional that thing is. Speakers, even BIG ones, have propagation patterns that spread further than the intended source. Something that makes that much noise will leave enough ambient after shocks that 1) will render passive sonar, a submariner's eyes, blind for a good long time and 2) that sonic blast will be like a beacon in the night pinpointing the target's location.
So my attack plan would be: Get contact and fire one. Wait for sonic blast. Fire two. Say good night.
Sheesh, haven't these guys even ridden a submarine?
I suspect is the case. Think about all the thinking you do when you're driving just to keep your car on a smooth, paved road with everyone pretty much following the same set of rules. You have to manage speed, negotiate turns, adjust for bumps, wind, grooves in the pavement. Once you drive long enough, it's pretty much "second nature" but you're making adjustments to the vehicle based on visual, aural, and directional input.
Now try to codify that into an algorithm that makes the right decisions 99.999% of the time and can adjust (again, correctly) for the .001 wrong decisions. It's pretty amazing.
A simpler problem is to create an algorithm for a robot to enter and solve a maze. You could just write a right or left wall following algorithm that will work, eventually, but try to do something smarter.
It's not a trivial task. I imagine as more research is done in this area, speeds will increase. What makes sense to me is a hybrid approach where the vehicles are largely autonomous, with augmented human input and problem solving.
Read the advisory.
The affected subsystem is not the firewall, but the authentication proxies for ftp and telnet. It is doubtful that those features are being used all that much.
The advisory also lists a set of ACLs that should suffice in most cases until a patch is issued.
If this was a problem in the firewall or ACL subsystem, it would be a bigger issue because many companies use them to place a reduced ruleset for all traffic that should be blocked in all directions like netbios, snmp, etc.
Yah know, all you hens running around clucking about how the sky is falling whenever someone mentions anything about trusted computing should 1) stop, 2) breathe, 3) read the documents, 4) think about how humanity reacts (in the US, at least) to perceived threats to privacy and control, 5) then get a grip.
The stated intent of the TCG is to create a trusted platform that is tamper resistant to software attacks like worms, viruses, and trojans, will not interfere with any other operating software, and will be pretty much seamless.
Can the system be abused by those nefarious ne'er-do-wells trying to lock you into some software? Sure, but that is true for any system. Have a little faith. The purchasing American public won't willingly give up what they perceive is their right to control their hardware and software. The backlash will keep the worst offending vendors at bay. Voting with your dollars is a very powerful weapon. Use it against any company regardless of the hardware or software they are selling.
I would say a book on how to snoop on people's hard drives and see what they deleted is pretty privacy invasive?
Most legal investigations are invasive by their very nature.
Windows 95, it was quite a leap in stability and usability from Windows 3.1. I don't think Windows has had such an upgrade since then
Huh? *cough* Windows 2000 *cough*
Much more stable than Win 95, far fewer requirements to reinstall, use of ring 0, ring 3 separation, better memory management, NTFS and encrypted file system. (Yeah, I know, many of these features started in NT, but NT isn't comparable to a desktop OS like Win 95, not even NT Workstation.)
Use it to provide targeted, local ads on the radio and billboards?
Is that Russinovich actually chides the DRM developers for weaknesses in the implementation meaning that it could be made more stealthy and stable.
Maybe someone should hire Russinovich to write a DRM.
Are you saying Hacker Defender is not a rootkit?
Hacker Defender is a root kit because it has the capability to backdoor the system it is installed in. As in, a remote attacker can connect to this port and control the machine.
The DRM that Russinovich describes doesn't seem to make or listen for network connections nor does it seem to do anything other than hide itself, stop the user from ripping CDs and other stuff.
Easy, Don't run as ADMINISTRATOR. Run as a regular user!!!!!!!
Come on, man. It's 2006 already
The Nimitz is an aircraft carrier. A boat is a submarine, which is the type of craft the parent was talking about.