Hi could you give the links to the technology you are using. I am very interested in this field (giving applications less rights than the user). I have not heard of SAKs before.
A SAK is a secure attention key. It's [originally] a hardware device that kills all the processes associated with a given terminal. In Xorg/XFree86 it's Ctrl-Alt-Backspace.
Also, have you come across a way of stopping GUI applications taking over other GUI applications via the X protocol?
It's called Xnest.
I, however, run my X sessions over Xvnc so that I can disconnect from them (using the SAK) and reattach after I'm done with my privileged operation.
Deleting everything in my home directory is anything but minimal.
Compared to deleting your entire system?
Nevertheless, why do you run at a privilege level that can delete everything in your home directory? Is it so you can delete _a_ file that you make it possible to delete _any_ file?
This isn't necessary; I regularly run applications with split privilege levels. My "main" account and my "run" account are in the same group. If I need to edit a file, my vi-wrapper gives group-write permissions to the file I'm editing and then drops privileges. Once the vi-wrapper exits, group-write permissions are removed.
The web browser runs as another user- so while I suppose a "virus" could knock out my bookmarks, I actually publish those over the network (so I can share them with my laptop).
My email client uses rsync to download my email. The client itself runs at a reduced privilege. Worst case scenario is that a malicious virus could delete the flags I put on messages so I might forget which ones I replied to (but only on the most recent ones- because I archive my email into files that have been chattr +i).
All in all, this system that I use is fairly immune to viruses. I'm sorry yours is not, but at least you have the ability to make it so on a Unixish system.
You simply don't on a Windows system.
Spam relays and DDoS botnets don't need root access, just the ability to send data over the network
No. They need to do something normal programs on my system do not. The only UDP traffic I generate is DNS traffic, so I suppose they could DOS my dnscache- it just happens to be running on the same machine. Using iptables is easy with owner-matching, and it protects against this very thing.
Meanwhile, my email is sent using serialmail. I'd notice immediately if when I went to send messages, there were an awful lot of them. Other people would too. Why don't you?
How about modifying your GNOME or KDE menu to point to a fake terminal entry or fake admin tools?
Regular users rarely install programs, and I never do. I don't give my run account the ability to modify my menus. It simply can't happen.
Windows lacks "setuid", so it makes my security measures impossible.
How do you know that the "gnome-terminal-emulator" you're now typing your password into (through sudo) isn't actually stealing it?
It's called a SAK. And I don't switch to a more privileged user without it.
So my challenge to you is. . . Prove the Theory of ID is false. Prove Evolution is false. Take your pick. You can't do either.
You're confusing theory in the theological sense, and theory in the scientific sense.
In the scientific sense, theories are useful so long as they provide a mechanism by which additional information can be tested for, and gained.
The theory of evolution- that is, that evolution (the process of natural selection) produced _all_ variances in life- is good because it helps us look for ways to test it and gain new knowledge- such as exactly how that operation occurred in various life forms (the search for so called intermediate or "missing links"), or how to evaluate the usefulness in various parts of the genetic code.
The theory of Intelligent Design doesn't exist in the scientific sense because it doesn't provide any mechanism whatsoever that its effects can be tested, or that knowledge can be gained.
Now theory in the theological sense means something completely different- it's the kind of theory that the universe was created by a flying spaghetti monster and that we true believers that have been touched by His noodly appendage will be treated to a stripper factory and a beer volcano in the afterlife, actually happens to be.
So if Intelligent design is a "theory" - it's the same kind of theory that the FSM is.
Those kinds of theories- however much fun they might be as thought experiments, really aren't useful at all to science because they don't give us a way to test them, or gain new knowledge.
Now as to the big debate: I think "Intelligent Design" should be taught- in theology or religion or thought-experiment class, but it certainly lends no value to biology.
I'd like to take that a point further- there aren't any safe languages.
It's just a whole lot easier to be safe with C because all the machinery is simple, than it is with other languages- that are a lot more complicated (and have more places for shit to clog something up and blow your face off).
It *is* possible to use the standard C library string functions in a safe manner, but it's difficult and error-prone - and if you make just one mistake, it might well be enough to open an exploitable hole in your program.
That's why isolation is so important. It's not easy, or taught often how to isolate and privilege separate code. As a result, people don't do it.
With isolation the programmer can actively ignore bugs like this and concentrate on other things knowing full well that any bugs there aren't going to turn into security holes.
If you *do* decide to use it after all, you should be aware of its weaknesses and pitfalls so you can avoid them.
You should be aware of all the things your language-of-choice is weak at.
You should also be aware that security is about proving resistance. This is very difficult to do in a managed environment (do you trust your VM?) or when the compiler does things behind your back.
As a result, C is often a better choice for experienced programmers because it is harder to make a bad C compiler than a bad compiler for [most] other languages- including C++- and as a result, there's simply less code to verify in C, than with other languages.
I use C primarily for isolation machinery- simply because that stuff isn't available in other languages- or is harder to get at. As a result, I can write the meat (read: insecure/buggy parts) in other languages as I like, knowing that even if I allow remote code execution to occur in those parts, it still doesn't constitute a security hole.
The string handling functions of the standard C library make it very easy to write unsafe code.
So what?
Secure programming in C tends to avoid using the string handling functions as provided by ANSI and POSIX.
Secure programming in C++ tends to avoid IOS for loss of atomicity.
Secure programming in Perl tends to avoid interpolation of user-data.
Secure programming in any language tends to involve avoiding the mechanisms that are difficult to verify correctness with.
Indeed: the most secure programming languages are the ones where correctness is easiest to verify- to do so in Java or Perl means verifying the VM and runtime, and to do so in C++ means finding that rare soul that actually understands what kind of nonsense the compiler is doing behind your back.
That is to say that C is one of the best languages to use for secure software- not the worst- simply because it's easier to verify correctness on the whole, than with other languages and runtimes.
The example of the image viewer that reads from an untrustworthy source is an excellent one- the Image viewer can be written in any language they like- and could have dozens of bugs and still not be a security risk if the application were run with a restricted uid and had no file or network I/O access.
This could be done by splitting the application into several parts- one that represents the file I/O, one that represents decoding, and one that blits to the screen. The part that represents decoding is probably the hardest to verify, so it would be limited to pure CPU operations, reading bits from an existing pipe (from the file I/O part) and writing bits out to another existing pipe (representing the blitter).
This approach works well, and believe it or not, in a world of increasingly multi-core and multi-processor systems, it's actually faster.
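A sketch of the split described above, as an added example that is not code from the post: a reader process feeds a pipe, a decoder process keeps only its two pipe ends, and the parent acts as the blitter. Confinement here uses `setrlimit(RLIMIT_NOFILE)` as a stand-in choice; the restricted uid the post mentions needs root to set up and is left out. The toy run-length format, `view_image`, `confine` and `count_escapes` are all constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write all n bytes, retrying short writes. */
static int write_all(int fd, const uint8_t *p, size_t n) {
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        p += w; n -= (size_t)w;
    }
    return 0;
}

/* Read exactly n bytes: 1 = ok, 0 = EOF before the first byte, -1 = error or truncation. */
static int read_exact(int fd, uint8_t *p, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) return got == 0 ? 0 : -1;
        got += (size_t)r;
    }
    return 1;
}

/* Confinement (a choice made for this example): close every descriptor except the two
 * pipe ends, then forbid creating new ones. Existing descriptors keep working. */
static int confine(int keep_in, int keep_out) {
    struct rlimit zero = { 0, 0 };
    for (int fd = 0; fd < 1024; fd++)
        if (fd != keep_in && fd != keep_out) close(fd);
    if (setrlimit(RLIMIT_NOFILE, &zero) != 0) return -1;
    return setrlimit(RLIMIT_NPROC, &zero);   /* no fork for an unprivileged uid */
}

/* Stand-in for what hijacked decoder code might attempt; counts attempts that succeed. */
static int count_escapes(void) {
    int ok = 0, fd;
    if ((fd = open("/", O_RDONLY)) >= 0) { ok++; close(fd); }
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0) { ok++; close(fd); }
    return ok;
}

/* The hard-to-verify part: toy run-length format, (count, value) byte pairs (constructed). */
static int decode(int in, int out) {
    uint8_t pair[2], run[255];
    int r;
    while ((r = read_exact(in, pair, 2)) == 1) {
        memset(run, pair[1], pair[0]);
        if (write_all(out, run, pair[0]) != 0) return -1;
    }
    return r;   /* 0 = clean end of input, -1 = truncated pair or read error */
}

/* reader (file I/O) -> decoder (confined) -> blitter (this process).
 * Returns bytes blitted, or -1; *escapes = probes that worked inside the decoder. */
static long view_image(const uint8_t *file, size_t n, uint8_t *screen, size_t cap, int *escapes) {
    int in[2], out[2], st_reader = 0, st_dec = 0;
    size_t got = 0; ssize_t r;
    if (pipe(in) != 0) return -1;
    if (pipe(out) != 0) { close(in[0]); close(in[1]); return -1; }
    pid_t reader = fork();
    if (reader == 0) {                 /* file I/O part: feeds bytes into the first pipe */
        close(in[0]); close(out[0]); close(out[1]);
        _exit(write_all(in[1], file, n) == 0 ? 0 : 1);
    }
    pid_t dec = fork();
    if (dec == 0) {                    /* decoder: confined before it reads any input */
        if (confine(in[0], out[1]) != 0) _exit(100);
        if (decode(in[0], out[1]) != 0) _exit(101);
        _exit(count_escapes());
    }
    close(in[0]); close(in[1]); close(out[1]);
    while (got < cap && (r = read(out[0], screen + got, cap - got)) > 0) got += (size_t)r;
    close(out[0]);
    if (reader > 0) waitpid(reader, &st_reader, 0);
    if (dec > 0) waitpid(dec, &st_dec, 0);
    if (reader < 0 || dec < 0) return -1;
    if (!WIFEXITED(st_reader) || WEXITSTATUS(st_reader) != 0) return -1;
    if (!WIFEXITED(st_dec) || WEXITSTATUS(st_dec) >= 100) return -1;
    *escapes = WEXITSTATUS(st_dec);
    return (long)got;
}

int main(void) {
    const uint8_t img[] = { 3, 'A', 2, 'B', 1, 'C' };   /* constructed sample input */
    uint8_t screen[64];
    int escapes = -1;
    long n = view_image(img, sizeof img, screen, sizeof screen, &escapes);
    printf("blitted %ld bytes, escape attempts that worked: %d\n", n, escapes);
    return (n == 6 && escapes == 0) ? 0 : 1;
}
```

A process holding CAP_SYS_RESOURCE can raise the limit again, so this confinement only holds for a decoder running without that capability.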
Right. Just so we're clear, you think root exploits are better to have than spam.
Here's the problem: You also think other people make that decision too.
I don't have a problem with address blocking (tcprules, badmailfrom, rbls, and .qmail file egreps), my spam levels (spamassassin, dcc, and a few other things), and I don't upgrade so your other shit is moot anyway.
I also understand what djb's reasoning for daemontools is, and I understand exactly how it's better than /etc/init.d or /etc/rc- so I don't have any ignorance getting in my way.
I think the benefits over /etc/inittab aren't as great- but almost nobody uses /etc/inittab for some paranoid (read: stupid) reason.
I also have zero "patches" applied to Qmail.
Zero upgrades is NOT a good thing. It means you aren't able to keep up with the changing landscape of email.
No it doesn't. Qmail allows users to "keep up" by being modular. I replace and augment the pieces that I'm interested in changing. Sendmail makes that impossible by not being modular, and it has rootable exploits - as you say, recently about "every 2.5 years".
Really, init.d sucks, I don't even bother using it anymore. Daemontools is great, /etc/inittab when not available.
This was not a smart move. The bullies decided that since I was no longer an easy target, they would go after my little brother. They locked him in a room with several guys twice his size and they proceeded to beat the crap out of him. He was a mess once they were finished with him, and I had a breakdown as a result.
That's when you go and shoot them.
The administration failed you. Your parents failed you. Your community failed you.
After you shoot them, Michael Moore will come to your town and make a documentary on how "surprised everyone was that it happened in their home town".
You'll have the last laugh though- so completely detached from reality that you'll think you're on a game show having a real good time, I'm sure.
Seriously though: It really sucks what happened to you, but believe it or not- society HAS gotten better. There were gangbangers and kids bringing guns to school 40 years ago, and it'll still happen 40 years in the future.
The difference is that with mass media, and people like Michael Moore, your whole life might be to serve as a warning for others.
Don't like guns? Fine. Drive a truck through their house. Years of abuse and sadism made you do it. Get on TV. Fuck their families up they way they screwed up your brother. Bomb their whole fucking neighborhood. Or just take a baseball bat.
You might end up well adjusted like some of these people who (apparently) post on this thread, and you might end up in jail. They won't hurt others any more, and chances are you won't either.
It has been said that your life and your feelings are only as valuable as you think they are, but more to the point, everyone else's life and feelings are only as valuable as you think they are also.
Face the facts here. Qmail and Postfix certainly have their uses, and are both excellent MTAs, but neither is "way better" than Sendmail for all installations. We each have our own requirements, and Sendmail meets those requirements for a lot of my installations.
No, what you mean to say, is neither is a complete replacement for Sendmail. And that's true- Sendmail does things that Qmail and Postfix don't do.
Unfortunately, that's [also] part of the problem. Sendmail is so much more complicated, that it's harder to audit- and being a single giant ball of unnavigable feces, you should never reprimand anyone for trying to get away from it- nay, you should be attempting to get away from it yourself!
The trick is to see if your messaging infrastructure can be expressed in terms of Qmail and Postfix. If it can (and it usually can) then you'll be much happier because your infrastructure will be much simpler and easier to audit.
It'll also show you exactly what needs to change- for me, it was stronger controls over delivery scheduling. But because Qmail is modular, I could simply change that part and wasn't tied otherwise to the crap that is Sendmail.
Basically Sendmail was written in the age when moving mail from place A to B actually was difficult
No. Sendmail was written when moving mail was easy- they just thought it was going to get harder so they overengineered it.
The whole message rewriting header/scrambling thing has NEVER been needed to transfer to/from uucp hosts, the 7bit fantasy network, or other messaging networks- it was ALWAYS performed in the gateways to those other networks.
Source routes should never have existed- There should never have been a reason why the person sending the message might know more about the messaging server than the server itself.
There's no reason a user should ever send mail to a program- users only ever sent mail to addresses, and by exposing programs as "a special kind of address" - they made it possible to yes, use UUCP without the mail administrators' permission, but they also opened the whole slew of bugs in sendmail that popularized the mid '90s.
Sendmail _never_ had to be this complicated. They did it this way because of equal parts stupidity and hubris, and pretending it was anything else means it'll happen again (see IPV6 for more details).
By the way, I've had zero difficulty getting qmail- which itself doesn't understand how to send mail over uucp, Fido or Citnet, to actually transfer mail bidirectionally with all of these networks. Love or hate qmail, if the naive mailbox-to-user approach was good enough for all these networks, it would've worked for sendmail.
This I certainly agree with. It's a lot of tedious fixups and extra code writing that simply isn't necessary on UNIX. If my icons come in SVG format, I need a little machinery to get them into the formats the rest of my build procedure understands. This machinery is free on UNIX (because it's a part of normal UNIX usage), but extremely expensive on Windows- in terms of extra code written, and increased learning curve.
A word to windows-only programmers: Windows is good and pays well, but try out Linux programming.
Except good UNIX developers make more than good Windows developers. Even Microsoft has said so (although their point was management has to pay Windows developers less... so their costs are lower)
Really, the pay is better, it's more enjoyable, just- why would anyone want to develop on Windows?
At least one good thing can be said for the Windows-based sites, they do actually do something.
Yup. They get defaced and broken down more than any other system. That despite not having a majority.
most of the windows-hosted sites are ecommerce
Err, no they're not. As the article points out, most windows-hosted sites are parking pages.
Strip out all the 1-page personal websites where you have a thousand hosted on 1 server by the huge hosting companies (eg 1&1) and you'd have a pitiful number left.
While we're at it, let's "strip out" anything else that disagrees with your pretension that Windows are superior.
Let's group all Windows platforms together, and separate all unixish platforms.
Let's ignore any site that didn't pay for vendor assistance! (after all, they're not doing business)
Let's ignore any site that didn't sign up for the survey with a Microsoft browser (after all, they're evil hackers!)
Or do you really believe that it's easier to manage 10,000 customer sites with different needs, than it is to manage one site, with a single need, and lots of lead time before changes?
It is a pity Netcraft don't release their SSL site survey as I think that would be a lot closer to a 50/50 split.
Lemmie guess, one of those gut feelings right?
Or maybe you're basing this on the free report they published in November 2004, you know, when RSA was still patented and you had to get a commercial license to use SSL?
It's called a proof, and it's just as valuable in secure systems as it is in mathematics.
Instead, you figure out what you want to protect against, and prove that your system is safe from that.
For example: if you want to protect against evildoers getting the contents of /etc/shadow, then all you need to do is provide a guarantee by which no access to /etc/shadow is possible that can be manipulated by an evildoer.
It's very often that the best way to do this is to move the resource into a more restricted area- for example, put /etc/shadow in LDAP. This is fine- it may be easier to secure your LDAP server than it is to make sure there's no way to get user root or group shadow on your servers.
At this point, if no one has access to the LDAP server, then no one has access to the /etc/shadow, right?
So how do we make sure that no one can manipulate the LDAP server to give out extra information?
One very popular way to do this is with layer-7 filters. Now "all" we need to do is make sure that the layer-7 filter is secure.
Writing a layer-7 filter like this is easy, and can be done in a few hours- including auditing.
At this point, if restricted otherwise by physical security, we can prove that in order to get /etc/shadow, the evildoer needs to bypass physical security, _or_ mangle the operating system of the L7 filter, the hosts allowed to talk to it, _AND_ either the operating system for the LDAP server, or the LDAP server software itself (or a combination).
Presumably physical security can be managed with guards (and preferably not the rentacop variety), but the operating system troubles are difficult. The technique often used here is called fencing- we have a variant on our L7 filter that simply spies on communication with the LDAP server. If a request doesn't match our "allowed" requests, we fence off the LDAP server (possibly by turning the power off), thusly denying access.
So while you can protect against what you don't know, you cannot secure what you don't know you have. If you don't know that you want to keep evildoers from getting /etc/shadow, you have no hope at all.
That said, I'd say the most valuable skill is the ability to read and write code- to the proficiency of being able to audit it.
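What the allow-list check at the heart of such a layer-7 filter could look like, as an added example that is not the poster's filter: it inspects one already-framed client-to-server LDAPMessage and returns a pass or fence verdict, leaving the fencing action itself to the caller. The allowed attribute list, the function names and the sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum verdict { PASS = 0, FENCE = 1 };
struct tlv { uint8_t tag; const uint8_t *val; size_t len; };

/* Attributes clients may name (assumed policy for this example); no password hashes. */
static const char *const ALLOWED[] = { "uid", "cn", "uidNumber", "gidNumber",
                                       "homeDirectory", "loginShell" };

/* Read one BER element from [*p, end) and step past it. Returns 0 on success. */
static int next_tlv(const uint8_t **p, const uint8_t *end, struct tlv *t) {
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    t->tag = *q++;
    if ((t->tag & 0x1f) == 0x1f) return -1;          /* multi-byte tags: not used by LDAP */
    size_t len = *q++;
    if (len & 0x80) {                                 /* long form: next 1..4 bytes hold the length */
        size_t nbytes = len & 0x7f;
        if (nbytes == 0 || nbytes > 4 || (size_t)(end - q) < nbytes) return -1;
        for (len = 0; nbytes > 0; nbytes--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;           /* element runs past the buffer */
    t->val = q; t->len = len;
    *p = q + len;
    return 0;
}

/* Case-insensitive match of an attribute description against the allow-list. */
static int attr_allowed(const struct tlv *a) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strlen(ALLOWED[i]) == a->len &&
            strncasecmp(ALLOWED[i], (const char *)a->val, a->len) == 0) return 1;
    return 0;
}

/* Filter must be (attr=*) or (attr=value) on an allowed attribute. */
static int filter_allowed(const struct tlv *f) {
    const uint8_t *p = f->val, *end = f->val + f->len;
    struct tlv desc;
    if (f->tag == 0x87) return attr_allowed(f);      /* present: value is the attribute name */
    if (f->tag != 0xa3) return 0;                    /* anything but equalityMatch */
    if (next_tlv(&p, end, &desc) != 0 || desc.tag != 0x04) return 0;
    return attr_allowed(&desc);
}

/* Verdict for one client-to-server LDAPMessage. Anything not recognised is FENCE. */
static enum verdict inspect_ldap(const uint8_t *msg, size_t n) {
    const uint8_t *p = msg, *end = msg + n;
    struct tlv m, id, op, f, attrs, a;
    if (next_tlv(&p, end, &m) != 0 || m.tag != 0x30 || p != end) return FENCE;
    p = m.val; end = m.val + m.len;
    if (next_tlv(&p, end, &id) != 0 || id.tag != 0x02) return FENCE;
    if (next_tlv(&p, end, &op) != 0 || p != end) return FENCE;   /* controls are not allowed */
    if (op.tag == 0x60 || op.tag == 0x42) return PASS;           /* BindRequest, UnbindRequest */
    if (op.tag != 0x63) return FENCE;                            /* otherwise SearchRequest only */
    p = op.val; end = op.val + op.len;
    for (int i = 0; i < 6; i++)          /* baseObject, scope, deref, size, time, typesOnly */
        if (next_tlv(&p, end, &f) != 0) return FENCE;
    if (next_tlv(&p, end, &f) != 0 || !filter_allowed(&f)) return FENCE;
    if (next_tlv(&p, end, &attrs) != 0 || attrs.tag != 0x30 || p != end) return FENCE;
    if (attrs.len == 0) return FENCE;    /* empty list means "all user attributes" */
    for (p = attrs.val, end = p + attrs.len; p < end; )
        if (next_tlv(&p, end, &a) != 0 || a.tag != 0x04 || !attr_allowed(&a)) return FENCE;
    return PASS;
}

/* Constructed sample: search (uid=bob) under dc=x, asking for uid and loginShell. */
static const uint8_t SAMPLE_OK[] = {
    0x30,0x39, 0x02,0x01,0x01, 0x63,0x34, 0x04,0x04,'d','c','=','x',
    0x0a,0x01,0x02, 0x0a,0x01,0x00, 0x02,0x01,0x00, 0x02,0x01,0x00, 0x01,0x01,0x00,
    0xa3,0x0a, 0x04,0x03,'u','i','d', 0x04,0x03,'b','o','b',
    0x30,0x11, 0x04,0x03,'u','i','d', 0x04,0x0a,'l','o','g','i','n','S','h','e','l','l' };
/* Constructed sample: the same search asking for userPassword instead. */
static const uint8_t SAMPLE_HASH[] = {
    0x30,0x36, 0x02,0x01,0x02, 0x63,0x31, 0x04,0x04,'d','c','=','x',
    0x0a,0x01,0x02, 0x0a,0x01,0x00, 0x02,0x01,0x00, 0x02,0x01,0x00, 0x01,0x01,0x00,
    0xa3,0x0a, 0x04,0x03,'u','i','d', 0x04,0x03,'b','o','b',
    0x30,0x0e, 0x04,0x0c,'u','s','e','r','P','a','s','s','w','o','r','d' };

int main(void) {
    printf("ok search:   %s\n", inspect_ldap(SAMPLE_OK, sizeof SAMPLE_OK) == PASS ? "pass" : "fence");
    printf("hash search: %s\n", inspect_ldap(SAMPLE_HASH, sizeof SAMPLE_HASH) == PASS ? "pass" : "fence");
    return 0;
}
```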
By this (ridiculous) logic, "very few people actually use" cars.
Oh, do tell, straw man.
I'm amazed at the incensed reaction to this statement.
The statement was about what brand-moniker people recognize as belonging to their computer-tasks. People understand that "Dell" means they get XYZ kind of support, or "Gateway" means their computer has cow-spots. They have no idea what "Windows" brings to them, because they don't recognize the name.
And no wonder: The term "Windows" doesn't add any value to their system. Want proof? Ask anyone who bought a Mac. They made a conscious effort to go into that Apple store, something the people who bought a Dell didn't do when choosing "Windows".
So if Windows was never their choice, it should be very easy to replace that "middleware" with something that does what they want, and it's becoming easier every day.
Yeah I know, all 8 of them want it so bad that they are making 800,000 shitty forks on Sourceforge
Actually, that's an excellent example. Forking a codebase usually means that people have different needs than the original author- but that the original author(s) provided a useful enough starting point.
In contrast, non-Free code prevents people from getting their goals accomplished because programmers are less likely to attempt all that extra gruntwork that got the project that was "pretty close" to where it was.
But then they'll bitch if someone uses it and doesn't adopt the cancer that is the GPL.
That's because stealing is wrong.
Or do you have some reason why it's okay for Microsoft to "bitch" about copyright infringement, but not others?
Since when did making money become such a crime?
I fail to see the relevance. GPL software may certainly be sold- and is.
Because it doesn't fit the definition that I provided, and that you agreed to.
You think if it is written for Windows it is a write once never maintain.
No, I said the majority of development is write once never maintain. I said that this fact artificially inflates the "popularity" of Visual Studio and does nothing to demonstrate how useful it is.
Well I got news for you Windows is the top platform right now
In what metric? That it comes preloaded on more machines?
It certainly doesn't handle the largest uptimes or biggest Internet sites.
example of Mozilla isn't even very good since they state they develop Firefox for Windows XP first
So what? They use a unix emulation interface for building and development. Visual Studio isn't used to manage this development whatsoever. Mozilla/Firefox is built using makefiles.
Do a search on Monster or Hot Jobs and see how many jobs there are for .Net development
Why would I do that? It's not relevant at all. I've already conceded that integrated development environments are popular- I've simply never conceded that they're useful. You haven't managed to demonstrate any large scale development efforts that use Visual Studio for development.
Every little Access and VB app
Maybe you misunderstand why I reject them: They do nothing to demonstrate the usefulness of Visual Studio, only its popularity. I additionally rejected the many millions of shell scripts and awk scripts and sed scripts and so on that have been found on UNIX over the last thirty years. They certainly outnumber Access and VB applications, but I still reject them. Why?
Because I don't need them. They are used often enough as part of large build procedures on large development efforts, and those are the ones that demonstrate the usefulness of a development environment.
Look at it this way: Large and small projects are developed on UNIX or using UNIX toolchains. Small and some medium-sized development efforts are done on Windows. There do exist a few large development efforts using the Windows build systems, but they are uncommon, and they don't make up the largest of the development efforts.
By the way, Office team does indeed use Visual Studio. But most of the larger projects inside Microsoft use external build tools as well- and even (gasp) Makefiles. Visual Studio simply isn't adequate for all of Microsoft's development, so why should I think it's adequate for me?
Almost any paid development job is more than just coding.
Agreed. And most development isn't done on Windows.
You may not like VB6 type applications but they fill business needs, and they fall in the definition of development.
Or I might like VB6 type applications just fine. You don't know because you didn't ask and I didn't offer that knowledge because it's not relevant.
Nevertheless, they do not fit the definition of development unless they're engineered and maintained. These write once VB6 or Access applications aren't written by developers.
You think for a minute that the majority of Access or VB6 development involves any amount of analysis whatsoever?
Almost all developer counts include them and I deliberately exclude them. There are loads of them for sure, but they don't demonstrate how easy it is to do development on Windows, but instead how easy it is for non-developers to do non-development on Windows-- something that may and well be a useful metric for something else, but not for this.
You're just plain wrong: The popularity of Visual studio doesn't count for shit because of these knobs that are using it- that aren't doing development.
But the unix development toolchain counts very nicely- because most of the largest development efforts in the world use it.
Tell me, how long do you think the mozilla group would be able to cope with using Visual Studio?
"Free software means that _this_ is what the people want. They want it so bad, they're making it themselves."
Which people? People who have the means and ability to create software. Their motives and goals and abilities vary. Their results vary as widely as with commercial projects.
Results are weakly defined here. Free software developers write for their own use. Many non-Free developers don't use what they write.
Note, Free-software can include commercial software.
"I've already got adequate Free software, that works and does things the way _I_ want to."
You're quite lucky that your needs are simple enough to be satisfied so easily. It certainly isn't because of some ideal notion like "Free software is superior (or even just "adequate", if you wish) because it was spawned by necessity"
I like how you condescend to me by referring to my needs as limited. That definitely proves you're right!
Meanwhile, why exactly is it that both Microsoft and Sun Solaris just "have" to ship products with Free software when their commercial offerings are just so much better?
I think developers for Windows are programming productivity tools, games, virus scanners, business apps, etc.
I would agree with that.
I would simply not agree that there are a lot of these developers.
Most people writing software on Windows aren't developers- they're doing something, but I'm certain it's not software development.
Last time I checked Visual Studio was very popular
I'm glad you check often enough that I don't have to.
Fortunately, I measure the usefulness of a development environment not by how many people claim to use it, but how large and useful projects are developed with it.
Fact is, the largest development efforts don't use Visual Studio, Eclipse, JDeveloper, or Delphi, but instead rely on a UNIX toolchain.
The UNIX toolchain has no parallel on Windows- except by emulation. Windows cannot handle pipelines, nor does it have a universal application interface. As a result, lots of software on windows is superfluous and wasteful, and as a byproduct, writing software simply takes more time.
Software Development is a set of activities- besides writing code, that involve engineering, scientific applications, and project management. Most applications do not involve anything more than writing code, and hence, I cannot consider them development efforts.
Wait I guess it is only developing to you if some nerd is sitting in their basement writing a perl script to sort porn files.
Why would you guess that? Would you that much like to be considered a developer?
If you like, I'll make a special exception in my definition- just for you.
Just because you would answer your question with an OS, don't assume that everyone else considers their computer as a Windows or Linux box.
Where did I say I would answer that question with an OS?
Also, don't assume that "the people" have no idea about their own computer or software. Many do,
I didn't assume that. I simply assumed that they don't care, and that hopefully they have something better to do than worry about it.
How many stores can you go to and see Mac or Linux computers being demoed? Very few.
You're answering questions I didn't ask because you have good answers for them.
Developers that write Free software are writing Free software because they want to use it.
For whatever reason- they want to use it. It may be because it's better than some commercial or otherwise non-Free offering. It may be because there is no commercial or otherwise non-Free offering.
Developers of non-Free software want _others_ to use it. This doesn't mean all of them don't want to use it- but at least some of them don't.
So if ALL Free software is what the user wants, and at least SOME non-Free software isn't what the user wants, it would seem that the user is best satisfied by Free software.
Why would anyone want to put money and effort into software that isn't what they want?
they are satisfied with their current applications and OS and have no real motivation to change.
I may despise Windows, but I'll never say it isn't a good OS.
Then you're a tool.
If you want to make money, it's better for development,
That must be why UNIX developers get paid more.
and development tools are easier.
Then why do UNIX developers _willingly_ develop on UNIX, for zero-cost and for Free Software, but rarely do so on Windows?
Windows is better, hands down because everyone knows it,
No, nobody knows it. Many people think they do, but the fact that greater than 20% of Windows users are virus-encrusted zombies, and 60% get regularly spiked with new vulnerabilities, I'd say that at most 20% of Windows users either know Windows, or are lucky. I'd generally vote the latter.
there is a great deal of software support for it
So what? There's a great deal of software support available for UNIX. Generally that support is more reliable as well.
and games are written for it.
So what? Games are also written for UNIX. Games are also written for the Gamecube.
For the techy, however, Linux can be better in that it is control, speed, and reliability.
No, absolutely not. People that use Linux want to use it. There are people who are dedicated to Linux. These people want the Freedoms that are available to them there, and they are building Linux as a desktop and an Operating System themselves. That is, Linux is becoming the operating system that HUMAN BEINGS want to use.
Windows is simply the operating system Microsoft wants you to use, and I'm certain they have your productivity in mind, that's why I spent an hour "activating" Microsoft software today for a client.
Now as to the big debate: I think "Intelligent Design" should be taught- in theology or religion or thought-experiment class, but it certainly lends no value to biology.
C is not a safe language ... it is a powerful one.
I'd like to take that a point further- there aren't any safe languages.
It's just a whole lot easier to be safe with C because all the machinery is simple, than it is with other languages- that are a lot more complicated (and have more places for shit to clog something up and blow your face off).
It *is* possible to use the standard C library string functions in a safe manner, but it's difficult and error-prone - and if you make just one mistake, it might well be enough to open an exploitable hole in your program.
That's why isolation is so important. It's not easy, or taught often how to isolate and privilege separate code. As a result, people don't do it.
With isolation the programmer can actively ignore bugs like this and concentrate on other things knowing full well that any bugs there aren't going to turn into security holes.
if you *do* decide to use it after all, you should be aware of its weaknesses and pitfalls so you can avoid them.
You should be aware of all the things your language-of-choice is weak at.
You should also be aware that security is about proving resistance. This is very difficult to do in a managed environment (do you trust your VM?) or when the compiler does things behind your back.
As a result, C is often a better choice for experienced programmers because it is harder to make a bad C compiler than a bad compiler for [most] other languages- including C++- and as a result, there's simply less code to verify in C, than with other languages.
I use C primarily for isolation machinery- simply because that stuff isn't available in other languages- or is harder to get at. As a result, I can write the meat (read: insecure/buggy parts) in other languages as I like, knowing that even if I allow remote code execution to occur in those parts, it still doesn't constitute a security hole.
The string handling functions of the standard C library make it very easy to write unsafe code.
So what?
Secure programming in C tends to avoid using the string handling functions as provided by ANSI and POSIX.
Secure programming in C++ tends to avoid IOS for loss of atomicity.
Secure programming in Perl tends to avoid interpolation of user-data.
Secure programming in any language tends to involve avoiding the mechanisms that are difficult to verify correctness with.
Indeed: the most secure programming languages are the ones where correctness is easiest to verify- to do so in Java or Perl means verifying the VM and runtime, and to do so in C++ means finding that rare soul that actually understands what kind of nonsense the compiler is doing behind your back.
That is to say that C is one of the best languages to use for secure software- not the worst- simply because it's easier to verify correctness on the whole, than with other languages and runtimes.
The example of the image viewer that reads from an untrustworthy source is an excellent one- the Image viewer can be written in any language they like- and could have dozens of bugs and still not be a security risk if the application were run with a restricted uid and had no file or network I/O access.
This could be done by splitting the application into several parts- one that represents the file I/O, one that represents decoding, and one that blits to the screen. The part that represents decoding is probably the hardest to verify, so it would be limited to pure CPU operations, reading bits from an existing pipe (from the file I/O part) and writing bits out to another existing pipe (representing the blitter).
This approach works well, and believe it or not, in a world of increasingly multi-core and multi-processor systems, it's actually faster.
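The split described in the image-viewer post above, as an added example in C that is not the poster's code: the caller plays the file-I/O part and the blitter, and a forked decoder keeps only two pipe ends. The toy run-length decoder, the use of `RLIMIT_NOFILE` as the "no file or network I/O" restriction, and the names `run_pipeline`, `confine` and `run_as` are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decoder exit codes: 0 clean EOF, 1 bad input or I/O error,
 * 2 confinement could not be set up, 3 confinement did not hold. */

/* Stand-in for the hard-to-verify part: expands (count, byte) pairs read
 * from fd 0 onto fd 1 and touches nothing else. */
static void decode_loop(void) {
    unsigned char pair[2], run[255];
    for (;;) {
        size_t got = 0, off = 0;
        while (got < 2) {
            ssize_t n = read(0, pair + got, 2 - got);
            if (n < 0 || (n == 0 && got != 0)) _exit(1); /* truncated pair */
            if (n == 0) _exit(0);
            got += (size_t)n;
        }
        memset(run, pair[1], pair[0]);
        while (off < pair[0]) {
            ssize_t n = write(1, run + off, pair[0] - off);
            if (n <= 0) _exit(1);
            off += (size_t)n;
        }
    }
}

/* Keep only the two pipe ends, switch to run_as when it is non-zero (needs
 * root), then set RLIMIT_NOFILE to 0 so open(), socket() and pipe() all fail. */
static void confine(int in_fd, int out_fd, uid_t run_as) {
    struct rlimit none = {0, 0};
    int i = fcntl(in_fd, F_DUPFD, 3), o = fcntl(out_fd, F_DUPFD, 3);
    if (i < 0 || o < 0 || dup2(i, 0) < 0 || dup2(o, 1) < 0) _exit(2);
    for (int fd = 2; fd < 65536; fd++) close(fd); /* constructed upper bound */
    if (run_as != 0 && (setgroups(0, NULL) != 0 ||
                        setgid((gid_t)run_as) != 0 || setuid(run_as) != 0))
        _exit(2); /* fail closed rather than decode with privileges */
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) _exit(2);
    if (open("/dev/null", O_RDONLY) >= 0) _exit(3); /* self-check */
}

/* The caller is the file-I/O part and the blitter. Returns the number of
 * decoded bytes, or -1 if anything went wrong on either side of the pipes. */
long run_pipeline(const unsigned char *in, size_t in_len,
                  unsigned char *out, size_t out_cap, uid_t run_as) {
    int to_dec[2], from_dec[2], status, overflow = 0;
    size_t total = 0;
    if (in_len > PIPE_BUF || pipe(to_dec) != 0) return -1;
    if (pipe(from_dec) != 0) { close(to_dec[0]); close(to_dec[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {
        confine(to_dec[0], from_dec[1], run_as);
        decode_loop(); /* never returns */
    }
    close(from_dec[1]);
    /* One write of at most PIPE_BUF bytes into an empty pipe cannot block;
     * holding our own read end until afterwards avoids SIGPIPE. */
    ssize_t w = pid > 0 ? write(to_dec[1], in, in_len) : -1;
    close(to_dec[0]); close(to_dec[1]);
    while (pid > 0) {
        unsigned char buf[512];
        ssize_t n = read(from_dec[0], buf, sizeof buf);
        if (n <= 0) break;
        if ((size_t)n > out_cap - total) { overflow = 1; break; }
        memcpy(out + total, buf, (size_t)n);
        total += (size_t)n;
    }
    close(from_dec[0]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    if (w != (ssize_t)in_len || overflow) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? (long)total : -1;
}

int main(void) {
    const unsigned char sample[] = {3, 'A', 2, 'B'}; /* constructed input */
    unsigned char out[16];
    return run_pipeline(sample, sizeof sample, out, sizeof out, 0) == 5 ? 0 : 1;
}
```

Passing `run_as` as 0 leaves the uid unchanged, which suits a caller that is already unprivileged; the descriptor limit alone still makes the self-check `open()` fail.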
Right. Just so we're clear, you think root exploits are better to have than spam.
Here's the problem: You also think other people make that decision too.
I don't have a problem with address blocking (tcprules, badmailfrom, rbls, and .qmail file egreps), my spam levels (spamassassin, dcc, and a few other things), and I don't upgrade so your other shit is moot anyway.
I also understand what djb's reasoning for daemontools is, and I understand exactly how it's better than /etc/init.d or /etc/rc- so I don't have any ignorance getting in my way.
I think the benefits over /etc/inittab aren't as great- but almost nobody uses /etc/inittab for some paranoid (read: stupid) reason.
I also have zero "patches" applied to Qmail.
Zero upgrades is NOT a good thing. It means you aren't able to keep up with the changing landscape of email.
No it doesn't. Qmail allows users to "keep up" by being modular. I replace and augment the pieces that I'm interested in changing. Sendmail makes that impossible by not being modular, and it has rootable exploits - as you say, recently about "every 2.5 years".
Really, init.d sucks, I don't even bother using it anymore. Daemontools is great, /etc/inittab when not available.
This was not a smart move. The bullies decided that since I was no longer an easy target, they would go after my little brother. They locked him in a room with several guys twice his size and they proceeded to beat the crap out of him. He was a mess once they were finished with him, and I had a breakdown as a result.
That's when you go and shoot them.
The administration failed you. Your parents failed you. Your community failed you.
After you shoot them, Michael Moore will come to your town and make a documentary on how "surprised everyone was that it happened in their home town".
You'll have the last laugh though- so completely detached from reality that you'll think you're on a game show having a real good time, I'm sure.
Seriously though: It really sucks what happened to you, but believe it or not- society HAS gotten better. There were gangbangers and kids bringing guns to school 40 years ago, and it'll still happen 40 years in the future.
The difference is that with mass media, and people like Michael Moore, your whole life might be to serve as a warning for others.
Don't like guns? Fine. Drive a truck through their house. Years of abuse and sadism made you do it. Get on TV. Fuck their families up they way they screwed up your brother. Bomb their whole fucking neighborhood. Or just take a baseball bat.
You might end up well adjusted like some of these people who (apparently) post on this thread, and you might end up in jail. They won't hurt others any more, and chances are you won't either.
It has been said that your life and your feelings are only as valuable as you think they are, but more to the point, everyone else's life and feelings are only as valuable as you think they are also.
So you'd rather have a root hole every 2.5 years?
I mean, once qmail is installed- I don't have to mess with it. Zero upgrades is a good thing in this situation.
Face the facts here. Qmail and Postfix certainly have their uses, and are both excellent MTAs, but neither is "way better" than Sendmail for all installations. We each have our own requirements, and Sendmail meets those requirements for a lot of my installations.
No, what you mean to say, is neither is a complete replacement for Sendmail. And that's true- Sendmail does things that Qmail and Postfix don't do.
Unfortunately, that's [also] part of the problem. Sendmail is so much more complicated, that it's harder to audit- and being a single giant ball of unnavigable feces, you should never reprimand anyone for trying to get away from it- nay, you should be attempting to get away from it yourself!
The trick is to see if your messaging infrastructure can be expressed in terms of Qmail and Postfix. If it can (and it usually can) then you'll be much happier because your infrastructure will be much simpler and easier to audit.
It'll also show you exactly what needs to change- for me, it was stronger controls over delivery scheduling. But because Qmail is modular, I could simply change that part and wasn't tied otherwise to the crap that is Sendmail.
Basically Sendmail was written in the age when moving mail from place A to B actually was difficult
No. Sendmail was written when moving mail was easy- they just thought it was going to get harder so they overengineered it.
The whole message rewriting header/scrambling thing has NEVER been needed to transfer to/from uucp hosts, the 7bit fantasy network, or other messaging networks- it was ALWAYS performed in the gateways to those other networks.
Source routes should never have existed- There should never have been a reason why the person sending the message might know more about the messaging server than the server itself.
There's no reason a user should ever send mail to a program- users only ever sent mail to addresses, and by exposing programs as "a special kind of address" - they made it possible to yes, use UUCP without the mail administrators' permission, but they also opened the whole slew of bugs in sendmail that popularized the mid '90s.
Sendmail _never_ had to be this complicated. They did it this way because of equal parts stupidity and hubris, and pretending it was anything else means it'll happen again (see IPV6 for more details).
By the way, I've had zero difficulty getting qmail- which itself doesn't understand how to send mail over uucp, Fido or Citnet, to actually transfer mail bidirectionally with all of these networks. Love or hate qmail, if the naive mailbox-to-user approach was good enough for all these networks, it would've worked for sendmail.
I have 20 Linux servers pointed towards the internet. Six of them carry mail via sendmail. One rootable vulnerability in 2.5 years is FREAKING HEAVEN.
Switch to qmail.
Zero vulnerabilities- and zero root-vulnerability potential in 9 years should give you an orgasm.
development on Win is B-O-R-I-N-G
This I certainly agree with. It's a lot of tedious fixups and extra code writing that simply isn't necessary on UNIX. If my icons come in SVG format, I need a little machinery to get them into the formats the rest of my build procedure understands. This machinery is free on UNIX (because it's a part of normal UNIX usage), but extremely expensive on Windows- in terms of extra code written, and increased learning curve.
A word to windows-only programmers: Windows is good and pays well, but try out Linux programming.
Except good UNIX developers make more than good Windows developers. Even Microsoft has said so (although their point was management has to pay Windows developers less... so their costs are lower)
Really, the pay is better, it's more enjoyable, just- why would anyone want to develop on Windows?
At least one good thing can be said for the Windows-based sites, they do actually do something.
Yup. They get defaced and broken down more than any other system. That despite not having a majority.
most of the windows-hosted sites are ecommerce
Err, no they're not. As the article points out, most windows-hosted sites are parking pages.
Strip out all the 1-page personal websites where you have a thousand hosted on 1 server by the huge hosting companies (eg 1&1) and you'd have a pitiful number left.
While we're at it, let's "strip out" anything else that disagrees with your pretension that Windows are superior.
Let's group all Windows platforms together, and separate all unixish platforms.
Let's ignore any site that didn't pay for vendor assistance! (after all, they're not doing business)
Let's ignore any site that didn't sign up for the survey with a Microsoft browser (after all, they're evil hackers!)
Or do you really believe that it's easier to manage 10,000 customer sites with different needs, than it is to manage one site, with a single need, and lots of lead time before changes?
It is a pity Netcraft don't release their SSL site survey as I think that would be a lot closer to a 50/50 split.
Lemmie guess, one of those gut feelings right?
Or maybe you're basing this on the free report they published in November 2004, you know, when RSA was still patented and you had to get a commercial license to use SSL?
You can't protect against what you don't know
You most certainly can!
It's called a proof, and it's just as valuable in secure systems as it is in mathematics.
Instead, you figure out what you want to protect against, and prove that your system is safe from that.
For example: if you want to protect against evildoers getting the contents of /etc/shadow, then all you need to do is provide a guarantee by which no access to /etc/shadow is possible that can be manipulated by an evildoer.
It's very often that the best way to do this is to move the resource into a more restricted area- for example, put /etc/shadow in LDAP. This is fine- it may be easier to secure your LDAP server than it is to make sure there's no way to get user root or group shadow on your servers.
At this point, if no one has access to the LDAP server, then no one has access to the /etc/shadow, right?
So how do we make sure that no one can manipulate the LDAP server to give out extra information.
One very popular way to do this is with layer-7 filters. Now "all" we need to do is make sure that the layer-7 filter is secure.
Writing a layer-7 filter like this is easy, and can be done in a few hours- including auditing.
At this point, if restricted otherwise by physical security, we can prove that in order to get /etc/shadow, the evildoer needs to bypass physical security, _or_ mangle the operating system of the L7 filter, the hosts allowed to talk to it, _AND_ either the operating system for the LDAP server, or the LDAP server software itself (or a combination).
Presumably physical security can be managed with guards (and preferably not the rentacop variety), but the operating system troubles are difficult. The technique often used here is called fencing- we have a variant on our L7 filter that simply spies on communication with the LDAP server. If a request doesn't match our "allowed" requests, we fence off the LDAP server (possibly by turning the power off), thusly denying access.
So while you can protect against what you don't know, you cannot secure what you don't know you have. If you don't know that you want to keep evildoers from getting /etc/shadow, you have no hope at all.
That said, I'd say the most valuable skill is the ability to read and write code- to the proficiency of being able to audit it.
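The layer-7 filter and fencing idea from the post above, as an added example in C that is not the poster's code: it parses each client LDAPMessage (BER tags per RFC 4511) and trips a fence on anything outside a small allowlist. The allowlist itself (Bind, Unbind, and Search limited to an equality filter on `uid`, `cn` or `mail`), the names `l7_check` and `l7_filter`, and the sample messages are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

enum { FORWARD = 0, FENCE = 1 };
struct l7_filter { int fenced; };
struct tlv { unsigned char tag; const unsigned char *val; size_t len; };

/* Attribute names clients may search on or read (constructed policy). */
static const char *const ALLOWED_ATTRS[] = {"uid", "cn", "mail"};

/* Read one BER element (one-byte tag, definite length of up to four bytes)
 * from [*p, end) and advance *p past it. Returns 0 on success. */
static int read_tlv(const unsigned char **p, const unsigned char *end, struct tlv *t) {
    const unsigned char *q = *p;
    size_t len, nbytes;
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f) return -1; /* no multi-byte tags */
    t->tag = *q++;
    len = *q++;
    if (len & 0x80) {
        nbytes = len & 0x7f;
        if (nbytes == 0 || nbytes > 4 || (size_t)(end - q) < nbytes) return -1;
        for (len = 0; nbytes > 0; nbytes--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    t->val = q; t->len = len; *p = q + len;
    return 0;
}

/* Exact-case match against the policy; any other spelling fails closed. */
static int attr_allowed(const struct tlv *t) {
    size_t i, n = sizeof ALLOWED_ATTRS / sizeof ALLOWED_ATTRS[0];
    for (i = 0; t->tag == 0x04 && i < n; i++)
        if (t->len == strlen(ALLOWED_ATTRS[i]) &&
            memcmp(t->val, ALLOWED_ATTRS[i], t->len) == 0) return 1;
    return 0;
}

/* SearchRequest body: base, scope, derefAliases, sizeLimit, timeLimit,
 * typesOnly, filter, attributes. Allowed only when the filter is a single
 * equalityMatch on an allowed attribute and every requested attribute is
 * named explicitly and allowed. */
static int search_allowed(const struct tlv *op) {
    const unsigned char *p = op->val, *end = op->val + op->len, *fp;
    struct tlv t, filter, attrs;
    int i;
    for (i = 0; i < 6; i++)
        if (read_tlv(&p, end, &t) != 0) return 0;
    if (read_tlv(&p, end, &filter) != 0 || filter.tag != 0xa3) return 0;
    fp = filter.val;
    if (read_tlv(&fp, filter.val + filter.len, &t) != 0 || !attr_allowed(&t)) return 0;
    if (read_tlv(&p, end, &attrs) != 0 || attrs.tag != 0x30 || p != end) return 0;
    if (attrs.len == 0) return 0; /* an empty list means "all attributes" */
    for (p = attrs.val, end = p + attrs.len; p < end;)
        if (read_tlv(&p, end, &t) != 0 || !attr_allowed(&t)) return 0;
    return 1;
}

/* Inspect one client-to-server LDAPMessage. Anything that is not a plain
 * Bind, Unbind or allowed Search trips the fence, which then stays tripped. */
int l7_check(struct l7_filter *f, const unsigned char *msg, size_t n) {
    const unsigned char *p = msg, *end = msg + n;
    struct tlv env, id, op;
    int ok = 0;
    if (f->fenced) return FENCE;
    if (read_tlv(&p, end, &env) == 0 && env.tag == 0x30 && p == end) {
        p = env.val; end = env.val + env.len;
        if (read_tlv(&p, end, &id) == 0 && id.tag == 0x02 &&
            read_tlv(&p, end, &op) == 0 && p == end) /* controls not allowed */
            ok = op.tag == 0x60 || op.tag == 0x42 ||
                 (op.tag == 0x63 && search_allowed(&op));
    }
    if (!ok) f->fenced = 1; /* a deployment would cut the server off here */
    return ok ? FORWARD : FENCE;
}

/* Constructed messages: a search for (uid=alice) under "o=x" asking for cn,
 * the same search asking for userPassword, and a delete of "o=x". */
#define SEARCH_PREFIX 0x04,0x03,'o','=','x', 0x0a,0x01,0x02, 0x0a,0x01,0x00, 0x02,0x01,0x00, \
    0x02,0x01,0x00, 0x01,0x01,0x00, 0xa3,0x0c,0x04,0x03,'u','i','d',0x04,0x05,'a','l','i','c','e'
const unsigned char MSG_OK[] = {0x30,0x2d, 0x02,0x01,0x02, 0x63,0x28, SEARCH_PREFIX,
                                0x30,0x04, 0x04,0x02,'c','n'};
const unsigned char MSG_PW[] = {0x30,0x37, 0x02,0x01,0x03, 0x63,0x32, SEARCH_PREFIX,
    0x30,0x0e, 0x04,0x0c,'u','s','e','r','P','a','s','s','w','o','r','d'};
const unsigned char MSG_DEL[] = {0x30,0x08, 0x02,0x01,0x04, 0x4a,0x03,'o','=','x'};
```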
Has Microsoft EVER released anything that was ON TIME?
Given how many security updates come out the first day that they do release something, would you really want them releasing any sooner?
By this (ridiculous) logic, "very few people actually use" cars.
Oh, do tell, straw man.
I'm amazed at the incensed reaction to this statement.
The statement was about what brand-moniker people recognize as belonging to their computer-tasks. People understand that "Dell" means they get XYZ kind of support, or "Gateway" means their computer has cow-spots. They have no idea what "Windows" brings to them, because they don't recognize the name.
And no wonder: The term "Windows" doesn't add any value to their system. Want proof? Ask anyone who bought a Mac. They made a conscious effort to go into that Apple store, something the people who bought a Dell didn't do when choosing "Windows".
So if Windows was never their choice, it should be very easy to replace that "middleware" with something that does what they want, and it's becoming easier every day.
Yeah I know, all 8 of them want it so bad that they are making 800,000 shitty forks on Sourceforge
Actually, that's an excellent example. Forking a codebase usually means that people have different needs than the original author- but that the original author(s) provided a useful enough starting point.
In contrast, non-Free code prevents people from getting their goals accomplished because programmers are less likely to attempt all that extra gruntwork that got the project that was "pretty close" to where it was.
But then they'll bitch if someone uses it and doesn't adopt the cancer that is the GPL.
That's because stealing is wrong.
Or do you have some reason why it's okay for Microsoft to "bitch" about copyright infringement, but not others?
Since when did making money become such a crime?
I fail to see the relevance. GPL software may certainly be sold- and is.
Where is your fact this isn't development.
Because it doesn't fit the definition that I provided, and that you agreed to.
You think if it is written for Windows it is a write once never maintain.
No, I said the majority of development is write once never maintain. I said that this fact artificially inflates the "popularity" of Visual Studio and does nothing to demonstrate how useful it is.
Well I got news for you Windows is the top platform right now
In what metric? That it comes preloaded on more machines?
It certainly doesn't handle the largest uptimes or biggest Internet sites.
example of Mozilla isn't even very good since they state they develop Firefox for Windows XP first
So what? They use a unix emulation interface for building and development. Visual Studio isn't used to manage this development whatsoever. Mozilla/Firefox is built using makefiles.
Do a search on Monster or Hot Jobs and see how many jobs there are for .Net development
Why would I do that? It's not relevant at all. I've already conceded that integrated development environments are popular- I've simply never conceded that they're useful. You haven't managed to demonstrate any large scale development efforts that use Visual Studio for development.
Every little Access and VB app
Maybe you misunderstand why I reject them: They do nothing to demonstrate the usefulness of Visual Studio, only its popularity. I additionally rejected the many millions of shell scripts and awk scripts and sed scripts and so on that have been found on UNIX over the last thirty years. They certainly outnumber Access and VB applications, but I still reject them. Why?
Because I don't need them. They are used often enough as part of large build procedures on large development efforts, and those are the ones that demonstrate the usefulness of a development environment.
Look at it this way: Large and small projects are developed on UNIX or using UNIX toolchains. Small and some medium-sized development efforts are done on Windows. There do exist a few large development efforts using the Windows build systems, but they are uncommon, and they don't make up the largest of the development efforts.
By the way, Office team does indeed use Visual Studio. But most of the larger projects inside Microsoft use external build tools as well- and even (gasp) Makefiles. Visual Studio simply isn't adequate for all of Microsoft's development, so why should I think it's adequate for me?
Almost any paid development job is more than just coding.
Agreed. And most development isn't done on Windows.
You may not like VB6 type applications but they fill business needs, and they fall in the definition of development.
Or I might like VB6 type applications just fine. You don't know because you didn't ask and I didn't offer that knowledge because it's not relevant.
Nevertheless, they do not fit the definition of development unless they're engineered and maintained. These write once VB6 or Access applications aren't written by developers.
You think for a minute that the majority of Access or VB6 development involves any amount of analysis whatsoever?
Almost all developer counts include them and I deliberately exclude them. There are loads of them for sure, but they don't demonstrate how easy it is to do development on Windows, but instead how easy it is for non-developers to do non-development on Windows-- something that may and well be a useful metric for something else, but not for this.
You're just plain wrong: The popularity of Visual Studio doesn't count for shit because of these knobs that are using it- that aren't doing development.
But the unix development toolchain counts very nicely- because most of the largest development efforts in the world use it.
Tell me, how long do you think the mozilla group would be able to cope with using Visual Studio?
How about Linux?
How about Apache?
How about AOLServer?
How about PostgreSQL?
How about MySQL?
How about Oracle?
How is it you give an example?
knob.
Results are weakly defined here. Free software developers write for their own use. Many non-Free developers don't use what they write.
Note, Free-software can include commercial software. You're quite lucky that your needs are simple enough to be satisfied so easily. It certainly isn't because of some ideal notion like "Free software is superior (or even just "adequate", if you wish) because it was spawned by necessity"
I like how you condescend to me by referring to my needs as limited. That definitely proves you're right!
Meanwhile, why exactly is it that both Microsoft and Sun Solaris just "have" to ship products with Free software when their commercial offerings are just so much better?
Knob.
I think developers for Windows are programming productivity tools, games, virus scanners, business apps, etc.
I would agree with that.
I would simply not agree that there are a lot of these developers.
Most people writing software on Windows aren't developers- they're doing something, but I'm certain it's not software development.
Last time I checked Visual Studio was very popular
I'm glad you check often enough that I don't have to.
Fortunately, I measure the usefulness of a development environment not by how many people claim to use it, but how large and useful projects are developed with it.
Fact is, the largest development efforts don't use Visual Studio, Eclipse, JDeveloper, or Delphi, but instead rely on a UNIX toolchain.
The UNIX toolchain has no parallel on Windows- except by emulation. Windows cannot handle pipelines, nor does it have a universal application interface. As a result, lots of software on windows is superfluous and wasteful, and as a byproduct, writing software simply takes more time.
Software Development is a set of activities- besides writing code, that involve engineering, scientific applications, and project management. Most applications do not involve anything more than writing code, and hence, I cannot consider them development efforts.
Wait I guess it is only developing to you if some nerd is sitting in their basement writing a perl script to sort porn files.
Why would you guess that? Would you that much like to be considered a developer?
If you like, I'll make a special exception in my definition- just for you.
Just because you would answer your question with an OS, don't assume that everyone else considers their computer as a Windows or Linux box.
Where did I say I would answer that question with an OS?
Also, don't assume that "the people" have no idea about their own computer or software. Many do,
I didn't assume that. I simply assumed that they don't care, and that hopefully they have something better to do than worry about it.
How many stores can you go to and see Mac or Linux computers being demoed? Very few.
You're answering questions I didn't ask because you have good answers for them.
Developers that write Free software are writing Free software because they want to use it.
For whatever reason- they want to use it. It may be because it's better than some commercial or otherwise non-Free offering. It may be because there is no commercial or otherwise non-Free offering.
Developers of non-Free software want _others_ to use it. This doesn't mean all of them don't want to use it- but at least some of them don't.
So if ALL Free software is what the user wants, and at least SOME non-Free software isn't what the user wants, it would seem that the user is best satisfied by Free software.
Why would anyone want to put money and effort into software that isn't what they want?
they are satisfied with their current applications and OS and have no real motivation to change.
Really?
So why are they changing?
What would you say those people are doing?
Reinstalling?
I may despise Windows, but I'll never say it isn't a good OS.
Then you're a tool.
If you want to make money, it's better for development,
That must be why UNIX developers get paid more.
and development tools are easier.
Then why do UNIX developers _willingly_ develop on UNIX, for zero-cost and for Free Software, but rarely do so on Windows?
Windows is better, hands down because everyone knows it,
No, nobody knows it. Many people think they do, but the fact that greater than 20% of Windows users are virus-encrusted zombies, and 60% get regularly spiked with new vulnerabilities, I'd say that at most 20% of Windows users either know Windows, or are lucky. I'd generally vote the latter.
there is a great deal of software support for it
So what? There's a great deal of software support available for UNIX. Generally that support is more reliable as well.
and games are written for it.
So what? Games are also written for UNIX. Games are also written for the Gamecube.
For the techy, however, Linux can be better in that it is control, speed, and reliability.
No, absolutely not. People that use Linux want to use it. There are people who are dedicated to Linux. These people want the Freedoms that are available to them there, and they are building Linux as a desktop and an Operating System themselves. That is, Linux is becoming the operating system that HUMAN BEINGS want to use.
Windows is simply the operating system Microsoft wants you to use, and I'm certain they have your productivity in mind, that's why I spent an hour "activating" Microsoft software today for a client.