Slashdot Mirror


User: RAMMS+EIN

RAMMS+EIN's activity in the archive.

Stories: 0
Comments: 5,091

Comments · 5,091

  1. Re:Local access has never been secure. on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 1

    ``I've felt for a long time that giving someone local shell access to a machine is never going to be completely secure.''

    Indeed, it is not. There are various nasty things a regular user with shell access can do.

    ``This is just another proof of concept of that principle.''

    No. This is a vulnerability that makes things worse than they should be. There are various ways to limit what regular users can do. A vulnerability that allows these users to become root means the system is broken, so that users actually get _more_ power than they would have, had they just been given shell access.

  2. Re:Same Exploit from July? on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 1

    Thanks. With the CVE numbers, at least we know what we're talking about.

  3. Re:I'd rather pay $400 for bugs likes this on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 2, Insightful

    ``Will my 2.4.x kernels get a patch?''

    Are they vulnerable?

  4. Re:Ubuntu on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 1

    Interesting, on karmic, I have:

    $ sysctl vm.mmap_min_addr
    vm.mmap_min_addr = 0

    Then again, I don't know if my system is actually vulnerable, because I have yet to see a description of how the exploit works.

  5. Exploit? on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 1

    Is there some sort of exploit code I can run to check if my system is vulnerable? I tried to find some online, but I only came up with some code for SCO Unix and some code that is so horrendously long that I don't dare run it for fear it might do something I don't want to happen on my system.

  6. Re:Same Exploit from July? on Bug In Most Linuxes Can Give Untrusted Users Root · · Score: 0

    ``I thought we discussed this in July? Or is this a different exploit?''

    I have been wondering this, as well. It would be useful if, when discussing bugs, people included some sort of unique identifier, to make clear exactly which bug they are talking about.

  7. Re:This site best viewed with NOT ie6 on Firefox Passes IE6 In Browser Share · · Score: 1

    ``And for corporate users who HAVE to use ie6, for the nicest value of "they can fuck off"; they can fuck off.''

    It is, after all, not you who imposes this requirement on them.

  8. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    ``One day I hear Linux has great hardware support. It's not like Linux in the past, we even have *BETTER* hardware support than Windows now.

    Then, the next day I hear, 'Well, yeah, Linux doesn't work; but you don't have the right hardware. <snip>

    Which is it? It can't be both.''

    What makes you think that? Just because one system has better hardware support doesn't mean it supports ALL hardware.

  9. Re:Lesson learned? on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    ``People complain that UAC in Vista was too intrusive, so MS turned it down by default. Now people are complaining that it doesn't do enough.''

    Right. First, we got "insecure by default". At some point, people got fed up with the resulting rampant malware, and didn't want it anymore.

    Then we got annoying pop-ups. People didn't want those, either.

    Now we have something in between, which basically means "fewer annoying pop-ups". But people still don't want them.

    Meanwhile, people's computers are still being infected by malware. So with the introduction of UAC and all the subsequent tweaking, what have we really gained?

  10. Re:Duplicate UIDs on The Machine SID Duplication Myth · · Score: 3, Insightful

    The "subtlety" here is that Windows is extremely complex. I don't think anybody knows exactly how it works. Given that, it is hard to determine conclusively whether something can cause problems or not. Without that knowledge, it is best to err on the safe side.

  11. Stable Hardware Platform on Some Early Adopters Stung By Ubuntu's Karmic Koala · · Score: 1

    Part of the problem is the myriad of possible hardware combinations, with each piece of hardware needing different instructions from the next piece that does the same thing, and hardware vendors constantly releasing new hardware that makes the situation worse.

    I'm for selecting a few hardware interfaces and stating clearly that these are supported, then doing our stinking best to ensure that no upgrade breaks things on that hardware. For any other hardware, support can be best-effort.

    This will provide two benefits: first, it will provide users with clear information on what to expect, and gives them the option to choose for smooth upgrades. Secondly, it will provide an incentive to hardware makers to make their new hardware be interface-compatible with previous iterations, lessening the unnecessary burden on driver writers.

  12. Re:indeed on Some Early Adopters Stung By Ubuntu's Karmic Koala · · Score: 1

    ``*sigh* We see these kinds of articles on every major new release of Ubuntu/Fedora/Windows/OSX. This is NOT news.''

    Perhaps you are right, but then I contend that it _should_ be. If I am a happy user of some product, and the vendor comes and says "hey, we have a shiny new version out", I want to be able to switch to the new version and actually be happier with it than I was with the old version. Otherwise, what's the point?

    I am not saying that Ubuntu should be the one providing this experience. If they want to release new versions without providing a smooth upgrade from the previous version, that is fine. But, in general, I think that breaking things that were working before should be the exception, not the norm.

  13. Re:Virtualization has worked on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    Thanks for clarifying. I am convinced.

    ``requirements so for every app we need at least 4 OS images''

    Then, indeed, virtual machines are probably cheaper than physical machines, and thus virtualization benefits you.

    But recognize that this is because the requirements are set in stone. You are using multiple OS images because the requirements say you have to. The case I am concerned with is one I have seen often, where companies deploy many physical machines even though they don't have to, and then discover that, miraculously, they can save money by _not_ deploying all these physical machines.

  14. Re:Virtualization has worked on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    ``I have no trouble believing that there is a scenario that uses virtualization that is $1M cheaper than another scenario that doesn't use virtualization. But that doesn't mean that it is the virtualization that saves the $1M.

    Then what? It sounds like you just want a reason to hate virt machines.''

    Indeed, I am being a bit confrontational about it. I am taking the position that virtualization is useless, and seeing if people can convince me otherwise.

    To answer your question: what I often see is that a company deploys a number of physical machines for no good reason, and then discovers that, using virtualization, they can do things a lot cheaper, because they don't need that many boxes anymore. Ok, great, but if they hadn't deployed so many boxes in the first place, they would have saved even more ... not just because they've still had to pay for having the boxes in service, but also because, even after they switch to virtual machines, they will still need to provide power, disk space, memory, and, last but not least, maintenance for all the OS images.

    In other words, virtualization may save them money by going from a horribly overpriced solution to a less horribly priced solution, but it's still not the right solution if economic efficiency is your concern.

    ``But the question is: why was the software spread out over that many physical machines in the first place?

    The answer is usually isolation.''

    Right. And it is my opinion that a whole virtual machine, with its own OS image that needs to be maintained, is overkill and inefficient for this scenario. Again: yes, using virtual machines, you do get isolation ... but I am not convinced that it is more cost effective than, say, just using the process isolation already in your operating system.

  15. Re:Is this really surprising? on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    ``once the virus is running on the PC, it's got free rein''

    Isn't that something we should do something about?

  16. Re:In other exciting news... on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    ``...software written for Linux runs on Linux

    After years of experience, I can say that this is not always the case''

    Same for Mac. And, when Vista was new, the same was true for Windows.

    It prompted me to say "Vista is the most Linux-like release of Windows yet. Improved security, backward compatibility is out of the door, poor driver availability, and it looks good."

  17. Surprised on Some Early Adopters Stung By Ubuntu's Karmic Koala · · Score: 1

    I am surprised. If so many people are affected by these issues, how come they weren't found and fixed prior to release?

    Or is it a matter of pushing the release out of the door despite known bugs still being present?

  18. Re:I got a bit stung on Some Early Adopters Stung By Ubuntu's Karmic Koala · · Score: 1

    ``there does seem to be a certain acceptance among devs of the idea that something that worked before may not work now''

    It has long been this way with Ubuntu, which is why I've shunned it since the 6.xx days.

    On the other hand, I'm actually posting this from a pre-release version of karmic ... because that includes the 2.6.31 kernel which has drivers for my motherboard's fan controller. If it were up to me, I'd run something more stable, but the upgrade treadmill imposed by hardware manufacturers constantly changing interfaces to the same functions has forced my hand.

    Besides, I don't know where to turn. Even the last Debian update I did went bonkers. Folks in the data center had to physically access the machine to pick the right kernel to boot, and after that, a lot of things turned out not to be working anymore in userspace, including the mail server.

    Please, people. I just want the things that were working yesterday to still be working today. There are enough distros that focus on bringing the latest and greatest shiny features. Where is the distro that focuses on stability and quality?

  19. Re:So in other words on X11 Chrome Reportedly Outperforms Windows and Mac Versions · · Score: 1

    ``On MacOS X, it's just about impossible to get into a situation where a) video tears or flickers, or b) menus and windows can "rub out" other menus or windows (eg, you can't drag a window around like a giant eraser on Mac OS). On X+whatever, it's pathetically easy to do either.''

    Really? Interestingly, I've only ever seen this on Windows. Maybe it just depends on what applications you use.

    ``Between X's by-design paucity of features and the number of combinations of video driver, X server, window manager and settings thereof, it's hard to get a decent, modern desktop experience. Had X been designed a little more smartly (eg, for actual people and not for computer scientists) this probably wouldn't be such a problem. Grafting things like multiple display support, accelerated 3D, video playback and now, compositing, have shown problems.''

    While I am sure there have been problems, I think it is to X's credit that it _has_ been proven possible to add all these features all the while maintaining backward compatibility with existing software. I mean, what other display system in current use goes back to 1985? I don't know about Windows's, but OS X's certainly doesn't. Meanwhile, where X has arguably hit a few bumps implementing certain features, there are features that X has had since the beginning that Windows and OS X still lack. And while you may see a myriad of possible combinations as a Bad Thing, I see that as a strength: you can experiment with new ideas without having to replace the whole thing from scratch.

    ``By comparison, again, we have MacOS X's system, which again just works''

    Define "just works". In what sense does OS X's display system "just work" more than X? Last I checked, code written for OS X's display system only worked on OS X. If you're lucky, it will work on multiple versions of OS X. Meanwhile, code written for yesteryear's X still works on today's X, and it can talk to X no matter the operating system it runs on, and even to instances running on different machines. Sure, it is possible to come up with combinations of X and something that don't work. With OS X, there are very few combinations that _do_ work. But yes, if you find one, it will "just work". Just like if you find a combination of things that work with X, it will "just work".

  20. Re:Virtualization has worked on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    ``It saved us from having to do a $1M datacenter upgrade so yeah, I'd say it benefited us.''

    Yeah, but comparing what to what?

    I have no trouble believing that there is a scenario that uses virtualization that is $1M cheaper than another scenario that doesn't use virtualization. But that doesn't mean that it is the virtualization that saves the $1M.

    For example, one common scenario is that virtualization is used to convert from "many physical machines each running some software" to "one physical machine running many virtual machines running said software". I can see why one physical machine is cheaper than many. But the question is: why was the software spread out over that many physical machines in the first place?

    It's also not like virtualization is actually as new as the hype around it is. Perhaps if virtualization had been considered right at the start, companies wouldn't be seeing cost savings now ... they'd have been cheaper off all along.

    What I'm saying is that virtualization is not a silver bullet. It is one option among many.

  21. Re:Virtualization has worked on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    ``Not sure why virtualization made it into the potential snake-oil of the future. It's demonstrating real benefits today...practically all of the companies I deal with have virtualized big chunks of their infrastructure.''

    I am sure they have, but does it actually benefit them? In many cases, it seems to me, it's just people trying their best to come up with problems, just so they can apply virtualization as a solution.

  22. Re:In Defense of Artificial Intelligence on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    ``Having taken several courses on AI, I never found a contributor to the field that promised it to be the silver bullet -- or even remotely comparable to the human mind.''

    The problem is that, if it isn't that, then what is "artificial intelligence", rather than flashy marketing speak for just another bunch of algorithms?

  23. Re:The Worlds Lost Decade on Microsoft's Lost Decade · · Score: 2, Interesting

    ``How far back has the software industry been set back by Microsoft?''

    Funny, I was just thinking about these things the other day. I had this idea that, for all the anger directed at Microsoft, they don't seem to actually have made things worse than they were; at worst, they have prevented things from being as good as they could have been. I mean, what is there that we could do before Microsoft, and can't do now?

    Now that you have brought up some points, you have made me think about it again, and I realize there actually are a lot of things that Microsoft has done that have improved things. Perhaps ironically, Microsoft actually used to be fighting the good fight, promoting standardization, giving power to the common user, etc.

    ``How much further along would server side be if Microsoft had truly worked with the Java community instead of going its own way with .Net?''

    Not the example I would have picked to make your case. I've seen Java get a huge boost when it was getting some competition in the form of C#. And even that boost mostly just meant implementing features that other languages had already had for sometimes many years. In fact, _the_ reason I resent Java so much is that so much effort has gone into duplicating the functionality already available elsewhere in the Java universe (often in multiple iterations, because they make mistakes that others have already made before), and thinking the folks doing the duplication are heroes for having invented this. So Java's hands are definitely not clean here. Neither are .NET's, but it's not Microsoft's fault that the Java universe isn't further along; that is squarely its own fault.

    ``If Microsoft the company has lost a decade, it is Karma - for the world and our industry has lost so much more at their hands.''

    On the other hand, they have given a lot, too. They started out writing BASIC interpreters, which were shipped with home computers and PCs. Suddenly, development tools were affordable and ubiquitous. It is their smarts that allowed PC clones to be compatible with IBM PCs, ultimately leading to PCs being affordable and ubiquitous. Much of the software they have developed essentially boils down to being an alternative to expensive established offerings ... Microsoft's software being more affordable and eventually becoming ubiquitous. Think, for example, NT vs. Unix.

    I don't like what Microsoft has become, and I resent numerous things they have done and are doing, but let's give them credit where credit is due: there are a lot of good things they have done for the world, as well.

  24. If They Open the Formats on Adobe Pushing For Flash and PDF In Open Government Initiative · · Score: 1

    This could be a Good Thing, if it means that the formats will be made and remain open. IIRC, PDF is already an open standard, and supported by various programs from multiple sources. I would applaud it if the same were to happen to Flash. And if both formats are open and widely supported, the government could do a lot worse than using them.

  25. Re:'Surprise' on When Software Leaks (and What Really Goes Down) · · Score: 1

    ``I would summarise that interview as "When builds leak they might be incomplete or old, and people may get a wrong impression of what the product will be like. This causes my phone to ring which is a pain in the ass"''

    Also, if the issue is that leaked builds give people wrong impressions about your product, why don't you release builds that give the right impression? I can see the argument for wanting to keep things under wraps, but if reality is that builds get out there, you might as well ensure that they are the builds you sanction. You know, "release early, release often", and people won't get the wrong impression about what is really going on.