Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:Something is Fishy on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 1

    I'm not foolish enough to claim that *nix cannot be rooted or cracked. Just that because of its design it is inherently more secure and more difficult to crack than a system that still allows apps to run in rootspace.

    Which system is that ? Because it sure as hell isn't Windows. Indeed, the concept of 'root' doesn't even exist in Windows (as opposed to UNIX, where it's still not at all uncommon to find daemons running as root, and in UNIX, processes running as root genuinely and inherently operate without restrictions).

    The baggage of supporting legacy apps that require(d) administrator access. Because Windows had been designed for so long to be run by a single user-administrator, there are plenty of apps that simply won't run without admin-level privileges.

    Windows NT has been multiuser since day 1 and was designed as such. The only reason some applications "need" to run as Administrator is because they're badly written. It has _zero_ to do with either Windows or Microsoft. Indeed, in this area NT is far superior because access to system resources can be granted on a per-user basis and UNIX's ugly hack of "start as root, do the stuff that needs root privileges, then switch to another user" doesn't even need to be considered.

    Not exactly. When an OS is designed from the ground up as a multiuser system (such as *nix), it is very easy to restrict access to system resources.

    1. UNIX was not designed "from the ground up" as a multiuser system. The first iterations were single user.
    2. Windows NT *was* designed "from the ground up" as a multiuser system.
    3. Restricting access to system resources in UNIX is generally only possible if those system resources are exposed via the filesystem.

    If I want to install a piece of software on Linux, for example, I cannot make the installation system-wide (by writing to /usr/bin, for example) without admin privileges. I cannot install libraries to /lib, /usr/lib, etc. I cannot write settings to /etc. Even when installed and executed, that program will only have a restricted set of rights based on the user/group that executes it. I can, however, compile and run executables as a user without needing admin access and without write access to system files and/or directories. I can put whatever libraries, modules, settings etc are required in my home directory without needing access to restricted areas.

    Yes. Just like Windows.

    Yes, I do run the risk of hosing my /home/user directory and everything inside of it, but I cannot touch any other user's files, and cannot touch system files.

    Again, just like Windows.

    Windows, on the other hand, has a hybrid model where a multi user model is tacked onto a single user-admin model, or rather support for a single user-admin model is bolted onto a basic multiuser model. Basic, because a true multi-user system would never have a single repository for all settings, like the Windows registry.

    Why on Earth *wouldn't* a multiuser system use an ACL-restricted, transactional, auditable, concurrent database with a defined set of access methods and data types for storing system data ? Are you suggesting it would be better off using, say, a filesystem directory full of text files ? A system with primitive and coarse security, no auditability, no provision for concurrent access, no standardised access methods and not even the most basic capabilities for sanity checking data ?

    In what possible way is the Registry incompatible with a multiuser system ?

    No. What I'm saying is that the my sysadmin's argument is very similar to the OP's argument.

    No, they're not. Not in any meaningful sense. One example is either poor configuration, or ignorance of how the system works (and is designed to work). The other is an explanation of how a system is explicitly designed to work.

    If you can not, or will not, und

  2. Re:Popcorn anyone? on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 1

    Oh MS one, then how did they bypass Cancel/Allow or Continue/Cancel?

    What ?

  3. Re:Popcorn anyone? on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 4, Informative

    So, prior to Vista, when it ran as the user who starts it, given that over 90% of the cases the default user has complete and unlimited access to the system files, how is running as user different from running as SYSTEM? (And, yes, I pull that "90%" figure out of my arse---but I'll bet it's higher.)

    Firstly, because SYSTEM and Administrator have different privilege levels.

    Secondly, because there is a vast gulf of difference between the statements "IE runs as SYSTEM" and "IE runs as the user, which is sometimes Administrator, and I think that Administrator and SYSTEM are the same". One is a (serious) architectural problem, the other is an end-user configuration problem. Trying to say they are equivalent is at best ignorance and at worst lying.

    Finally, while most home systems would certainly be running users as Administrator, most managed corporate systems would not. 90% is a ridiculous over-estimate of how many XP systems only have "Administrator" users.

  4. Re:Something is Fishy on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 1

    That's not at all what I'm suggesting. I'm saying that just because MS says their software should behave in a certain way doesn't at all mean that it won't behave in an entirely unpredicted way given the right circumstances, nor does it mean that the software can't be made to behave in a way completely contrary to how it was designed.

    Are you suggesting that software bugs are in some way a phenomenon unique to Microsoft ?

    Again, I'm not going to make assumptions about what was not said. I'm only pointing out that it is irrelevant whether the vulnerability was in Flash or in Windows, or even in Firefox, since the problem is the same: Windows is still carrying the baggage of a single-user system and as long as that is the case it will be easier to exploit.

    What "baggage" ?

    UAC does raise the barrier, but addresses a problem that only exists on Windows, since that OS still does not properly compartmentalize users the way other OSs do.

    No, it addresses the same problem that exists on all multiuser OSes, which is why all multiuser OSes address it (with varying degrees of user friendliness). Windows "compartmentalises users" at least as well as other platforms (and possibly better, depending on exactly what those OSes are, due to extensive use of ACLs and the lack of a superuser).

    My own logic is sound. But I suggest that next time you feel like discussing such things, you rely on facts and leave assumptions at the door.

    Your logic is worthless. You are saying that because an (apparently ignorant) Exchange Administrator misconfigured her server, there might be bugs in Windows. This is like saying if someone sets up postfix as an open relay, there might be bugs in Linux.

    Or, to put it more succintly, your "logic" is a non-sequitur.

  5. Re:Popcorn anyone? on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 0, Flamebait

    This must have changed recently in Vista. Glad to see they learned their lesson.

    No, it hasn't changed because it was never true.

  6. Re:Popcorn anyone? on Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins · · Score: 4, Informative

    Well on Windows, sandboxing of permissions is different. There might still be the exploit but the level of vulnerability would most likely be higher on a Windows system as a result of IE running at a SYSTEM level permission rather than a USER level like in Mac or Linux. Change to a different browser like Firefox on Windows and you will be safer.

    IE does not, and never has, run as SYSTEM. Prior to Vista it runs as the user who starts it. In Vista it runs with privileges lower than a regular user.

    I realise Slashdot is as anti-Microsoft as they come, but it's still surprising to see the same FUD about IE still being spewed 10+ years after it was shown to be false.

  7. Re:Identical articles on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    Major OS Revisions, Apple vs. Microsoft:

    Your method of comparison is (unsuprisingly) idiotic.

  8. Re:Maybe Apple will get serious about security now on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    OS X has been doing *authentication* since its first release, which is welcome. If I try to install software to a secure area of my hard drive (like /Applications), I *want* to be prompted for an admin account's credentials, even if I my current login is the admin. That is great.

    Actually, it is both authentication and authorisation, because it is the need for authorisation that triggers the prompt (and, subsequently, it is the successful authentication that implies authorisation).

    You can configure Vista to prompt for a username and password (and this is the default when in a Domain, or when in a user account that isn't an "Administrator"), which duplicates OS X's behaviour. However, clearly Microsoft thinks (and, personally, I agree) that it's a pointless additional complication on unmanaged, predominantly single-user home desktops to also prompt for a username and password.

    What I really REALLY don't want is for the computer to say "[x] program has attempted to do [y], allow or deny?" That is *authorization*.

    Well, that's what OS X is doing, just with different language. You are not prompted for credentials just for the hell of it, to prove who you are, you are prompted because you attempted to do something you did not have permissions to do. When you provide those credentials, you are authorising the OS to go ahead with that action.

    OS X and Vista operate the same way. The only difference is in the semantics when you are logged in as an "Admin". You can make Vista act like OS X if you want to, but don't kid yourself that it adds any meaningfully better security in the typical usage scenario.

    To me, this just indicates that [x] program isn't secure and probably shouldn't even be on your hard drive in the first place, since it is doing something that may compromise your computer's security.

    Lots of normal behaviour can compromise your computer's security and most people don't realise this. Further, many applications are poorly written. Educating them about both is not necessarily a bad thing.

    The forgiving say "This is how Microsoft empowers the user to be better informed"

    No, the realistic say "this is how Microsoft helps end users to continue using their existing software".

    I'm not so forgiving.. I say this is how Microsoft shifts the responsibility of securing their programs to the user.

    No, the responsibility for securing the programs remains where it always has been and where it belongs - with the developer. The difference is that now the user actually has some sort of indication about how well the developer is doing that and the ability to decide whether or not they want to run a piece of software in spite of its flaws. Which is a vastly superior solution than just stopping all the broken apps from running, as you are implying they should do.

  9. Re:Maybe Apple will get serious about security now on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    I am a long time user (since first beta) and it has been an incredible ride, but I'd really like for Apple to "step up" and take this bull by the horns and let the world know that they are very serious about security and eliminating *any* means of intrusion, either automated or user driven...

    I wouldn't hold your breath waiting for impossible objectives.

    Just as long as they don't implement some Vista like "Allow or Deny?" crap... God that would drive me *nuts*!

    OS X has been doing this since its first release.

  10. Re:A real hero on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    In other words this guy most likely found a security bug in Safari, but instead of reporting it directly, made an exploit and waited for a hacking contest to get a monetary benefit out of it. A real hero. Or maybe he was just quick. Which seems more plausible?

    Or he reported it to Apple and they simply haven't fixed it yet.

    Regardless of the exact situation, I fail to see what the problem would be with any of them.

  11. Re:Identical articles on MacBook Air First To Be Compromised In Hacking Contest · · Score: 2, Funny

    Well, they let them use a Vista laptop because Windows 7 isn't available yet (not sure it means anything, but Microsoft is still an OS generation behind Apple).

    You seem to have that arse-about-face. In every way except the display system, even Windows NT 3.51, dating from the early '90s, was a generation ahead of OS X until about 10.4/10.5. Vista leapfrogged ahead with the display system, while 10.4 and 10.5 brought in parity with lower level aspects like fine-grained locking and an ACL-based security system (albeit still only applicable to the filesystem). For all intents and purposes they're equivalent, although arguably Windows is slightly ahead because of its better display system and more active development time.

  12. Re:Or.... on What Will Life Be Like In 2008? · · Score: 1

    When I don't have to leave 30 minutes earlier for work or when it doesn't take me 30 minutes longer to get home from work, I'll take public transportation. That's an hour of my day gone, and 24 hours already isn't enough for me...

    Not everyone's public transport system sucks as much as yours.

    I'm currently living in Zurich and it takes me 15 minutes door to door to get to work using the train. When I was living in Sydney, it was 30 minutes. On a great day, I might be able to match those times in a car. On a typical day, the car trip takes ~50% longer. On a bad day, it can easily take 3-4 times as long. And that's with company-provided, reserved parking in the city.

    To say nothing of the cost... My monthly ticket here costs about 110 Francs (which lets me use any public transport - trains, buses, boats, trams) within in the city "zone". Even only accounting for work trips (ie: on weekdays), that's about 5-6 Francs a day. I couldn't come within a bull's roar of running a vehicle for that.

    Finally, the most important advantage, is that commuting time not being completely and utterly wasted as it inescapably would be if I drove. I can read a book, watch a movie, browse the web, work, whatever.

    Why anyone who lives reasonably close to a decent-sized city (ie: most of the Western world) would commute to work in a car is beyond me. Expensive, time consuming and boring. Yet they do because a car gives them "freedom". The "freedom" argument would carry more weight if they weren't using 90% of that "freedom" to duplicate the same journey as public transport does.

  13. Re:oil industry collusion on What Will Life Be Like In 2008? · · Score: 1

    If you have self driving cars, you only have to add a little bit of networking to achieve efficient and relatively convenient car sharing programs (think automated taxis), which would reduce the number of automobiles sold overall.

    We could call them... buses.

  14. Re:In the future nobody touches anything on Meet the Laptop of 2015 · · Score: 1
    p> Apparently in the future the idea of tactile feedback is dead and everybody just types on glass screens like in the movies. Presumably these laptop designers have not actually tried that themselves to see just how much people actually like typing on a piece of glass with no cues at to where the keys are.

    To say nothing of the RSI nightmare from drumming your fingers onto a hard piece of glass all day.

  15. Re:geeks want to do it right on IBM Invests In MySQL/Oracle Competitor · · Score: 1

    Yes, because Linux is so very hard to say. Same number of syllables as XP, and it sounds just like it reads.

    There are at least three distinctly different pronunciations I've experienced:

    Lee-nooks (Linus)
    Linnicks (Americans)
    Ly-nucks (Commonwealth English speakers)

    And I'm sure everyone using them believes "it sounds just like it reads".

  16. Re:Artificial Bundling? on Windows 7 Likely Going Modular, Subscription-based · · Score: 1

    So you think it makes sense that such tasks require a web browser's shared code?

    If you're using HTML-esque markup for making certain things in your GUI look pretty, certainly.

    Netscape was cross-platform. The web was untying people from Windows. That was a far bigger danger to Windows.

    Maybe if you believed Netscape's hype, but the reality is that the web-as-a-universal-platform isn't even viable _today_.

    Incidentally, don't kid yourself that Netscape's motivations were any different to Microsoft's. The only reason they were trying to "untie" people from Windows was so that they could then in turn lock them into their proprietary server product via closed extensions.

    And did OS/2 and Mac ship their web browser with almost every product they sold?

    They shipped them with their OSes.

    Did their products require their web browser?

    What do you mean by "require" ? Even if they did, what's the problem with using an OS-level shared component ? THAT'S WHY THEY'RE THERE. Do you get your knickers in a twist because applications on Linux "require" libc ?

  17. Re:Artificial Bundling? on Windows 7 Likely Going Modular, Subscription-based · · Score: 1

    We're talking about integration, not simple bundling.

    Yes. Just like Apple was starting to do with Cyberdog - and what every major platform (OS X, GNOME, KDE) has done since.

    IE was used as Explorer's shell in Windows 98. IE was used for Add/Remove Programs in Windows 2000.

    No. The IE shared component was called by Explorer (the shell) and the Add/Remove Programs applet as required. Ie: exactly how shared code is *supposed* to work and exactly how it works on the other platforms.

    And no, M$' bundling and integration was not in response to OS/2 and the Mac doing so. Those operating systems never were real competition for Windows. It was all about crushing Netscape.

    They were much more competition than Netscape was. Mainly because they were actually in the same market (OSes).

  18. Re:Artificial Bundling? on Windows 7 Likely Going Modular, Subscription-based · · Score: 1

    What? Netscape was bundling their browser into their OS? Netscape had an OS (AOLOS?)?

    IBM (OS/2 with Netscape) and Apple (MacOS 8 with Cyberdog) were.

    IE was bundled to drive the market; it was not driven to that point.

    No, IE was "bundled" as a response to a) competitors doing the same and b) market desires. Hastening Netscape's suicide was just the icing on the cake.

  19. Re:Vista, sucks.... on The Death of Windows XP · · Score: 1

    I really don't see the issue here...

    This issue is that Apple don't make an equivalent to the typical enthusiast's PC. Something halfway between a Mac Mini and a Mac Pro. Or, as it is often referred to as, a Headless iMac. In particular, an affordable machine with a modular (ie: replaceable) video card.

    This is one of the 2-3 gaping holes in Apple's hardware lineup (that, sadly, they don't appear in any rush to remedy).

  20. Re:Eee PC - See MinWin on The Death of Windows XP · · Score: 1

    Why Microsoft doesn't develop MinWin into someting the end user wants [...]

    Because it's _not_ what the end users want. End users want "it just works appliances". They don't want to go off and download their own browser, or their own media player, or any of the hundreds of other bits of functionality that are "standard" today.

    Do not project the wants of the proportionally insignificant number of people who want "Windows, but kinda like Linux" on the vast majority who want nothing more than a computing appliance.

  21. Re:Artificial Bundling? on Windows 7 Likely Going Modular, Subscription-based · · Score: 2, Informative

    Considering Microsoft has, in the past, been accused of artificially bundling components together (IE+Windows, DirectX10+Vista, etc), [...]

    Of course, accusations != truth. For your two examples, IE was no more "artificially bundled" into Windows than its equivalents were into contemporary OSes and DirectX10 requires features only present in Vista's new display system.

    "Artificial bundling" is as meaningless as "bloat". Stuff that you, personally, aren't interested in != stuff that no-one is interested in.

    [...] I'm going to remain skeptical on this plan. It seems like Microsoft can get much higher revenue from a several-hundred-dollars major upgrade than a pick-n-choose bundle of features. The only way I see them breaking it apart is if their monopoly really does begin to be challenged and they have to start selling in a truly competitive market.

    Huh ? It was the competitive market that resulted in IE, etc, being "bundled" into Windows in the first place (in response to competitors doing the same). What on Earth makes you think its going to drive them to start removing stuff when their competitors continue to add more and more features as part of their base packages ?

  22. Re:Well... on The Death of Windows XP · · Score: 1

    Fair enough, stick with a computer that boots slower than WfW 3.1 on a 386 with 16MB of RAM...

    So, pretty fast, then ?

    Windows 3.11 on a 16MB PC in its day would be like Vista on a 16G PC today. Indeed, IIRC Windows 3.11 couldn't even detect more than 16M (to say nothing of the rarity of a 386 that could have 16M physically installed).

  23. Re:It's nice to share. on The Death of Windows XP · · Score: 1

    Sadly, as anyone who does this day in and day out can tell you, that is not enough to ensure a system is clean. Windows (any version, any service pack) does not need any user intervention or use to get infected. I'm not saying it is horrendous (nor am I saying it's not - not making any statement either way)... what I am saying is that machines do get infected even with all updates installed - and no user in front of the keyboard.

    Rubbish.

  24. Re:I throw Vista away all the time on University of Penn. Recommends Against Vista SP1 · · Score: 2, Insightful

    I refuse to install Vista, as I enjoy a certain degree of control over my operating system.

    What do you think Vista is going to stop you doing ?

    If by chance I'm forced into Vista, I too am moving to Mac. Times change. Microsoft fucked up. I never thought I'd be advocating Macs, ever.

    So you won't go to Vista because "you enjoy a certain degree of control", but you *would* buy a Mac ?

  25. Re:Barrier to Ownership on Blu-ray BD+ Cracked · · Score: 2, Insightful

    I agree. However, it's a shame that this crack of the DRM is coming so close to the end of the format war and the exchange offers most stores are supporting. The numbers of people that are going to buy BR players because of the fair use now are only going to get lost in the shuffle now.

    Well, they'd otherwise be statistical noise so, no biggie.