I run lots of beta software (Firefox Nightly, Chrome Dev, Thunderbird Early), but I avoid doing it for the OS. Why? If my email client or browser's too buggy, I can uninstall them and roll back to the stable channel. On the other hand, fixing a computer that won't boot or having some other highly annoying problem takes just way too much of my time on my primary device.
I was surprised to get on Slashdot this morning and see my question to Larry Wall inspired an article. So, uh, thanks for the shoutout Slashdot, couldn't've made it here without you...?
I work for a translator company, where I am a technical assistant. Because of legacy Win32 programs, I have to use Windows 7 on some standard HP desktop. I try to make the best of it with LibreOffice (N.B. I check all of my.DOCs with both LibreOffice and MSOffice to make sure there's no weird formatting compatibility problems; 99% of the time it's MSOffice that causes it, by the way), Notepad++, Cygwin, Thunderbird, Firefox (I'm using Nightly because e10s is great), GWX Control Panel so I don't get molested by the "free" "upgrade", PeerBlock (I don't trust the Windows firewall), and some other nifty tools.
At home I recently bought a beautiful 27" 4K monitor, which looks amazing, and everything runs perfectly smooth on my i5-4590 quad core, GeForce GTX950, 16 GB RAM, SSD set-up. On this computer I have vanilla Ubuntu 16.04. I'm not a programmer, so all I use to edit with is nano because it's simple and light, and I don't need all the nifty features of emacs or vim.
Some shoutouts to things I like:
- Signal, an encrypted messaging app on my Android phone that is endorsed by Edward Snowden.
- KeePass X, where I save all my passwords.
- ownCloud, which I use to sync my encrypted files over the Swiss provider Woelkli (again for privacy & security reasons).
They should have hosted this stuff on open source software - it's super secure
This isn't zero-day attack. Whoever was the sysadmin for the Ubuntu forums didn't apply a security patch. The same thing can happen if you don't patch a Microsoft SQL Server.
Yeah, if that level of granularity was used every time there was a security vulnerability related to software that runs on Windows then it might be relevant.
Not to mention the fact that Ubuntu isn't linux: It's a linux distribution that expressly provides an entire software stack, including the software that got hacked here.
SQL injections have nothing to do with the platform you're running them on. It's a result of sloppy programming. The same thing can happen on just about every OS and every SQL daemon.
You might have a point about Windows being unfairly maligned if it weren't for e.g. Internet Explorer being so thoroughly integrated into the OS that its vulnerabilities in the browser can be exploited even if the user doesn't use it.
Many ISPs are publicly subsidized in order to roll out Internet access to rural areas. Why should they have gotten so much of the tax payer's money in order to screw them over with censorship and racketeering?
Well we've already lost an open web due to Encrypted Media Extensions. Do we even need net neutrality any more?
Completely different issues altogether. I can personally choose not to visit a website that uses EME, just like I personally choose not to visit a website that condones Holocaust denial and the like. If net neutrality dies, my ISP can deny me the bandwidth necessary to go to certain websites.
Here's an analogy that might help. Imagine it's about 1950 or so. EME is like a locked vending box for a newspaper stack, you have to put a quarter in the slot to be able to read a copy. Net neutrality is like a policeman that watches to make sure that some mafioso doesn't come burn all of the newspapers except for the one that pays them protection money.
Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security
Why didn't you also mention Microsoft here? *innocent blink*.
Several reasons.
1. Firefox and Chrome(ium) are cross-platform. IE/Edge and Safari are not.
2. Microsoft might have a competent security team (wouldn't bet my life on it though), but their company policy inhibits their browsers from being secure. For instance, it is well known that they share vulnerabilities with certain three-letter agencies before pushing the patches downstream.
3. Given the Windows 10 debacle, anyone who leaves auto-updates on for any Microsoft OS is either uninformed or a fool.
4. Even on Windows, there is no particular reason to use IE/Edge instead of Firefox/Chrome(ium). Microsoft's browsers are slower and have less and worse extensions.
5. Firefox and Chromium are FLOSS, which means (a) you can audit the code yourself for any backdoors/spyware and then compile it yourself, and (b) Mozilla and Google would have to be exceptionally daft to attempt to hide any backdoors/spyware. IE/Edge are proprietary and closed-source, which means they're just as much black boxes as are Maxthon and Opera.
I'm surprised they included Castlevania II: Simon's Quest, which is a fairly terrible game overall, but neglected Castlevania III. It was really ahead of its time in many ways, and although it's one of the hardest games ever made (I've never been able to beat it without save states unfortunately), it's also incredibly fun and rewarding.
I have some thoughts about this NES re-release but I'll ponder it some more before I make a comment I'll later regret.
Firefox and Chromium* have a lot of forks, but I would advise against using them. Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security updates the moment they're released out, not when your fork-team's got around to setting them out.
Suppose you want to use Chromium as a base but are concerned about your privacy with respect to Google, so you don't want to use Chrome. That's perfectly understandable, but using Opera or Vivaldi or Maxthon instead is insanity, since they're all black boxes and you're not really sure what they're doing with your data (case in point, TFA). There's a 100% FLOSS fork of Chromium in the works called Iridium but I cannot recommend it yet because I don't know enough about the competency of their team, but it's definitely worth looking into. Until then, just use vanilla Chromium and rig your own auto-update system.
As for Firefox, there's a great extension called Privacy Settings that can optimize all your config flags for privacy (i.e. turn off telemetry, network prefetch, etc.) in just one click. I would recommend however that you keep dom.storage.enabled on, since a lot of websites are unusable without it. Also be wary that security.ssl.require_safe_negotiation needs to be toggled if you need to connect to an insecure website, such as the USPS's.
*For those unaware: Chromium is the base of Chrome. The only difference between them is that Chrome is shipped with an auto-updater and plugins for Flash and Widevine.
It's quite frustrating to see my country turn into an Orwellian nightmare. Most voters don't care, either because they don't understand the ramifications of a surveillance state, or because they fall into party lines and turn it into a petty squabble. So seeing a coalition that's equally composed of reds and blues is a very good sign I think. But we'll have to wait and see if this goes anywhere.
Microsoft does not protect their user's data, and Skype itself is a security and privacy nightmare: https://www.eff.org/node/82654 (N.B. the EFF is going to update this score card soon, but it's still right about Skype; see here: https://www.eff.org/mention/ns...)
Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? Afterall, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.
It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.
* Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.
For everyone who swore up and down that Windows 10 will never be a subscription and Microsoft will always stick with their old business model (pay once for the OS, additional support by subscription): hope the crow is tasty!
Now the question is if they'll turn the 'Home' and 'Pro' editions into subscriptions as well. It's clearly not beneath them, it's only a question if their execs determine that the hostage revenues will outweigh the massive bad will backlash they'll receive.
Secure enough for most things, yes. Until that encryption is broken or the implementation has back doors built into it or flaws discovered.
Yeah, alright, but by that logic, nothing is really secure, because it's only secure *until* some vulnerability is found.
When people talk about "security," they don't mean some Platonic Form that signifies some absolute and eternal protection in all cases. Practically, however, the best modern forms of encryption are reasonably secure enough that you can rely on them, moreso than any kind of physical lock-box.
The keys to your cars are on a rack in your house. You have a security camera in your house that makes ensure against a malicious person who walks in your house, takes your keys, clones them, then puts the originals back on the rack. It turns out the security camera's susceptible to that trick from The A-Team where you take a photo of the room from the perspective of the security camera, then tape the photo onto the security camera's lens so it looks like there's no activity in the room. Because of that, there's no way of checking to make sure nobody sneaks in your house to clone your car keys.
Honestly, I see absolutely NOTHING "drool-worthy" in the desktop environments that Linux users suffer with. Hell, ask an honest Linux user, and most will agree that the popular GUIs for Linux are generally sucktastic. Add to that the internal strife that systemd has added, and Linux is utterly ignore-able by most Mac users.
As for Android, you honestly couldn't pay me to give up my iPhone for that Orphaned Product-Pile and Malware-Fest that is Android.
Didn't your mother ever teach you, "if you have nothing nice to say, say nothing at all"?
Really, I'm glad you like Macs. But I don't understand why you choose to squirt bile on every male that crossed your dominion.
"security of the entire internet."
The author of this nugget doesn't know, apparently, that the Internet was never designed to be secure, and any attempt to make it so will inevitably fail. The Internet was designed to facilitate the OPEN exchange of information.
Who cares about the security of the Internet per se? Peak and tamper with the tunnels as much as you want, so long as the data is encrypted and signed then it makes no difference.
Slashdot Mirror
For desktop, use Pidgin with the Off-The-Record plugin: https://pidgin.im/
For mobile, use Signal by Open Whisper Systems.
I run lots of beta software (Firefox Nightly, Chrome Dev, Thunderbird Early), but I avoid doing it for the OS. Why? If my email client or browser's too buggy, I can uninstall them and roll back to the stable channel. On the other hand, fixing a computer that won't boot or having some other highly annoying problem takes just way too much of my time on my primary device.
I was surprised to get on Slashdot this morning and see my question to Larry Wall inspired an article. So, uh, thanks for the shoutout Slashdot, couldn't've made it here without you...?
.DOCs with both LibreOffice and MSOffice to make sure there's no weird formatting compatibility problems; 99% of the time it's MSOffice that causes it, by the way), Notepad++, Cygwin, Thunderbird, Firefox (I'm using Nightly because e10s is great), GWX Control Panel so I don't get molested by the "free" "upgrade", PeerBlock (I don't trust the Windows firewall), and some other nifty tools.
I work for a translator company, where I am a technical assistant. Because of legacy Win32 programs, I have to use Windows 7 on some standard HP desktop. I try to make the best of it with LibreOffice (N.B. I check all of my
At home I recently bought a beautiful 27" 4K monitor, which looks amazing, and everything runs perfectly smooth on my i5-4590 quad core, GeForce GTX950, 16 GB RAM, SSD set-up. On this computer I have vanilla Ubuntu 16.04. I'm not a programmer, so all I use to edit with is nano because it's simple and light, and I don't need all the nifty features of emacs or vim.
Some shoutouts to things I like:
- Signal, an encrypted messaging app on my Android phone that is endorsed by Edward Snowden.
- KeePass X, where I save all my passwords.
- ownCloud, which I use to sync my encrypted files over the Swiss provider Woelkli (again for privacy & security reasons).
They should have hosted this stuff on open source software - it's super secure
This isn't zero-day attack. Whoever was the sysadmin for the Ubuntu forums didn't apply a security patch. The same thing can happen if you don't patch a Microsoft SQL Server.
Ah yes, here comes the Linux apologists trying to deflect any blame from Teh Liuxxxx!!!!!!
That's a fair point, since Microsoft's products are totally immune to SQL injection -- oh wait, no they're not, you knob.
Yeah, if that level of granularity was used every time there was a security vulnerability related to software that runs on Windows then it might be relevant.
Not to mention the fact that Ubuntu isn't linux: It's a linux distribution that expressly provides an entire software stack, including the software that got hacked here.
SQL injections have nothing to do with the platform you're running them on. It's a result of sloppy programming. The same thing can happen on just about every OS and every SQL daemon.
You might have a point about Windows being unfairly maligned if it weren't for e.g. Internet Explorer being so thoroughly integrated into the OS that its vulnerabilities in the browser can be exploited even if the user doesn't use it.
The vulnerability was an SQL injection. The operating system had nothing to do with it.
Many ISPs are publicly subsidized in order to roll out Internet access to rural areas. Why should they have gotten so much of the tax payer's money in order to screw them over with censorship and racketeering?
Well we've already lost an open web due to Encrypted Media Extensions. Do we even need net neutrality any more?
Completely different issues altogether. I can personally choose not to visit a website that uses EME, just like I personally choose not to visit a website that condones Holocaust denial and the like. If net neutrality dies, my ISP can deny me the bandwidth necessary to go to certain websites.
Here's an analogy that might help. Imagine it's about 1950 or so. EME is like a locked vending box for a newspaper stack, you have to put a quarter in the slot to be able to read a copy. Net neutrality is like a policeman that watches to make sure that some mafioso doesn't come burn all of the newspapers except for the one that pays them protection money.
Just use a VPN in a foreign country, and then send out your encrypted messages/whatever through it.
Trivial for geeks (and white collar criminals and terrorists), but ordinary folk won't know how or be able to do it, so they'll be the ones to suffer.
Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security
Why didn't you also mention Microsoft here? *innocent blink*.
Several reasons.
1. Firefox and Chrome(ium) are cross-platform. IE/Edge and Safari are not.
2. Microsoft might have a competent security team (wouldn't bet my life on it though), but their company policy inhibits their browsers from being secure. For instance, it is well known that they share vulnerabilities with certain three-letter agencies before pushing the patches downstream.
3. Given the Windows 10 debacle, anyone who leaves auto-updates on for any Microsoft OS is either uninformed or a fool.
4. Even on Windows, there is no particular reason to use IE/Edge instead of Firefox/Chrome(ium). Microsoft's browsers are slower and have less and worse extensions.
5. Firefox and Chromium are FLOSS, which means (a) you can audit the code yourself for any backdoors/spyware and then compile it yourself, and (b) Mozilla and Google would have to be exceptionally daft to attempt to hide any backdoors/spyware. IE/Edge are proprietary and closed-source, which means they're just as much black boxes as are Maxthon and Opera.
I'm surprised they included Castlevania II: Simon's Quest, which is a fairly terrible game overall, but neglected Castlevania III. It was really ahead of its time in many ways, and although it's one of the hardest games ever made (I've never been able to beat it without save states unfortunately), it's also incredibly fun and rewarding.
I have some thoughts about this NES re-release but I'll ponder it some more before I make a comment I'll later regret.
Firefox and Chromium* have a lot of forks, but I would advise against using them. Mozilla and Google have world-class security experts working for them, and when you use generic Firefox/Chrome, you get their security updates the moment they're released out, not when your fork-team's got around to setting them out.
Suppose you want to use Chromium as a base but are concerned about your privacy with respect to Google, so you don't want to use Chrome. That's perfectly understandable, but using Opera or Vivaldi or Maxthon instead is insanity, since they're all black boxes and you're not really sure what they're doing with your data (case in point, TFA). There's a 100% FLOSS fork of Chromium in the works called Iridium but I cannot recommend it yet because I don't know enough about the competency of their team, but it's definitely worth looking into. Until then, just use vanilla Chromium and rig your own auto-update system.
As for Firefox, there's a great extension called Privacy Settings that can optimize all your config flags for privacy (i.e. turn off telemetry, network prefetch, etc.) in just one click. I would recommend however that you keep dom.storage.enabled on, since a lot of websites are unusable without it. Also be wary that security.ssl.require_safe_negotiation needs to be toggled if you need to connect to an insecure website, such as the USPS's.
*For those unaware: Chromium is the base of Chrome. The only difference between them is that Chrome is shipped with an auto-updater and plugins for Flash and Widevine.
The fact that it only works on cell phones makes it useless to me.
OK. The best desktop solution is the using the Off-The-Record protocol, with Pidgin (Windows, Linux) and Adium (macOS).
It's quite frustrating to see my country turn into an Orwellian nightmare. Most voters don't care, either because they don't understand the ramifications of a surveillance state, or because they fall into party lines and turn it into a petty squabble. So seeing a coalition that's equally composed of reds and blues is a very good sign I think. But we'll have to wait and see if this goes anywhere.
Signal is the best for security/privacy: https://en.wikipedia.org/wiki/...
>Telegram listed as secure
Entire list disregarded as bullshit.
If you use the Secret Chat function, it is in fact secure. However the regular chats are not. The scorecard is correct.
Microsoft does not protect their user's data, and Skype itself is a security and privacy nightmare: https://www.eff.org/node/82654 (N.B. the EFF is going to update this score card soon, but it's still right about Skype; see here: https://www.eff.org/mention/ns...)
Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? Afterall, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.
It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.
* Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.
For everyone who swore up and down that Windows 10 will never be a subscription and Microsoft will always stick with their old business model (pay once for the OS, additional support by subscription): hope the crow is tasty!
Now the question is if they'll turn the 'Home' and 'Pro' editions into subscriptions as well. It's clearly not beneath them, it's only a question if their execs determine that the hostage revenues will outweigh the massive bad will backlash they'll receive.
https://tech.slashdot.org/comm...
Secure enough for most things, yes. Until that encryption is broken or the implementation has back doors built into it or flaws discovered.
Yeah, alright, but by that logic, nothing is really secure, because it's only secure *until* some vulnerability is found.
When people talk about "security," they don't mean some Platonic Form that signifies some absolute and eternal protection in all cases. Practically, however, the best modern forms of encryption are reasonably secure enough that you can rely on them, moreso than any kind of physical lock-box.
The keys to your cars are on a rack in your house. You have a security camera in your house that makes ensure against a malicious person who walks in your house, takes your keys, clones them, then puts the originals back on the rack. It turns out the security camera's susceptible to that trick from The A-Team where you take a photo of the room from the perspective of the security camera, then tape the photo onto the security camera's lens so it looks like there's no activity in the room. Because of that, there's no way of checking to make sure nobody sneaks in your house to clone your car keys.
Linux rules! Crapple drools!
Honestly, I see absolutely NOTHING "drool-worthy" in the desktop environments that Linux users suffer with. Hell, ask an honest Linux user, and most will agree that the popular GUIs for Linux are generally sucktastic. Add to that the internal strife that systemd has added, and Linux is utterly ignore-able by most Mac users. As for Android, you honestly couldn't pay me to give up my iPhone for that Orphaned Product-Pile and Malware-Fest that is Android.
Didn't your mother ever teach you, "if you have nothing nice to say, say nothing at all"?
Really, I'm glad you like Macs. But I don't understand why you choose to squirt bile on every male that crossed your dominion.
"security of the entire internet." The author of this nugget doesn't know, apparently, that the Internet was never designed to be secure, and any attempt to make it so will inevitably fail. The Internet was designed to facilitate the OPEN exchange of information.
Who cares about the security of the Internet per se? Peak and tamper with the tunnels as much as you want, so long as the data is encrypted and signed then it makes no difference.