It's at least as accessible to me as Pro Tools. I can't speak for Reason or Cubase, but Pro Tools wasn't too obvious. Are you sure you aren't just used to these tools?
UAC does not require ctrl+alt+del, does it? I already said: unbindable key combination. Also, everything but the password dialog should be blanked out.
As it is, UAC can probably be defeated by spawning a fake dialog, asking for a password, then using that password to gain full access -- not to mention any other services they use the same password for.
Kind of like how running as a user is not that much more secure than running as root, if your su password can be intercepted.
One more problem: You can't simply have the dialog go away if the password is entered correctly; there must be some sort of confirmation that the user is trained to look for, and it must be displayed (always on top). Otherwise, an app could just swoop in after the UAC dialog and tell you that you've mistyped your password.
A simple solution for Linux would look like this: App sends request to sudo server. Sudo server alerts user through a system tray icon or other notification. User presses ctrl+alt+f8, which switches to another VT where the sudo server has launched a dialog. (Switch should be fast enough or obvious enough that an app has zero chance of winning any kind of race.) User clicks allow or deny, and the sudo server switches the user back to VT 7 and their normal X session.
I don't think ctrl+alt+f8 can be intercepted by X apps, and I know a normal user can't switch terminals -- you have to be root for that. Thus, this would provide quick and painless escalation, without even requiring a password. The real challenge will be representing the requests accurately and simply enough that the user won't be confused.
I don't think it is possible for any system to be secure without something that drastic to tell you you're talking to root now. Otherwise, what's to stop the program from "clicking" the "allow" button? What's to stop the program from popping a window in front of it, with some sort of control lined right up with "allow" in the UAC dialog, but the control is actually a hole in the window? I believe Windows does allow you to click through holes in oddly-shaped windows.
Yes, that would allow me to run OS X and Linux simultaneously, which is kind of what I want, but I doubt I'd boot it much if I had Linux working well enough to try. There aren't many Mac-only apps I need, and if there were, I'd hate MOL because of no GL acceleration for OS X.
Sadly, while my wireless seems mostly OK, I'm still having huge issues with my trackpad.
There actually is something called sysrq, which might concievably be used to create this functionality. Ctrl+alt+backspace isn't it. You may be thinking of ctrl+alt+fn, where n is a number from 1-12. That would actually be useful, but that isn't quite the password prompt I was looking for. I'd rather have it not be a password prompt, simply a dialog box that truthfully represents which app it is and what it's trying to do.
And no, this can't simply be done with another X server. Another X server may be a useful component -- emphasis on "may", since it would flicker the screen annoyingly, but fast user switching on Linux does that too -- but we need programs to be able to send requests to some sort of sudo server, which then prompts the user (on the other terminal) with exactly what was requested and which app requested it, and allow the user to set policies.
It would be more useful if the window manager (being the first X client started, thus sort of an X version of init) could guarantee that a particular keystroke will never be caught by another app.
Actually, Vista seems closer to being able to do this, but I don't think they require a keystroke.
This has got to be the most obnoxious thing people do on Slashdot. Yes, I got the joke. It was funny, I laughed. My comment is also actually relevant to the discussion.
But still faster than running Windows under qemu. Also, if OpenGL worked (also a big if), I could play games which are graphically intensive but light on the CPU.
And it was a pretty old game I wanted to make this work for.
If you assume Average Joe doesn't get even the least suspicious when something asks him for a password, then Average Joe is doomed.
Think about it. Average Joe will demand admin access in order to change settings and install software. So we have to choose between removing that access entirely (so there's no password for Joe to type), or praying that Joe is smart enough to realize he's giving something admin access.
Really, can you possibly think of a solution to this kind of stupidity? Hell, I could simply craft a website -- maybe a Flash page -- that looks just like the Ubuntu password prompt. That way, I don't even need local user access.
I say this solution is reasonably secure because we don't really have anything more secure. Kind of like how Democracy sucks, but it's also the best we've got.
It used to be risky. Password hashes used to actually be stored in/etc/passwd, where anyone could read your password hash. If there was a weakness in the hash algorithm, or your password was particularly short, they could brute-force it that way -- hence, "time consuming".
On most modern systems, it is also impossible, because the actual password hashes have been moved to/etc/shadow.
If you are root, you can still attempt to brute-force them -- which would be time-consuming and almost never has a point. If you're hoping they use the same password elsewhere, you can simply install a keylogger -- which is assuming you weren't smart enough to do that when they first set their password. If you simply need access to their account, you can su in. If you need to reset their password, you can do that as root without knowing the original password.
Which means that this whole system is about as exploitable as an "exploit" which gives you root access, but which only works if you're already root.
My copy of TFA won't be done downloading for another 15 mins, so I'll take your word for it. Just checking, though: Does this exploit require you to be able to insert a custom module? Or does it simply require binfmt_misc?
If it's an "exploit" resulting from inserting a custom module, then I doubt anyone will change anything, because this is not a vulnerability.
As someone else mentioned, Linspire has not done this in a long time. In fact, I believe they've never actually released a stable version that ran as root. They just (quite retardedly) went around claiming that running as root was secure, in defense of what they did once, in a development version, likely never seen by Average Joe.
It should be secure for Average Joe. He might not be running Linux now, but it should be the goal.
If that's the goal, Average Joe can fire up Ubuntu, right now. Ubuntu never tells the user anything about root, but requires the user to enter their own password occasionally, so that sudo can grant privileges to change critical system settings, install software, etc. This is the same model OS X uses, yet Ubuntu is more secure, because installing new apps does not necessarily require downloading and executing unverified executables.
Why should a secure system never allow a process to increase privileges? I think we just need a secure way to make sure the user knows exactly what's going on every time a process attempts to. For instance -- I think there's a word for this -- create an unbindable key combination, and every time you see a security prompt, press that to make sure it's valid. Or use it to enter your password. Or better -- have a completely separate UI, accessible through said unbindable key combination, so security prompts now tell you "press ctrl+alt+del, then give us access".
And of course, not all setuid is evil. Look at passwd -- it becomes root, but it knows who you were, and exactly what areas of/etc/passwd and/etc/shadow you should be allowed to change.
This argument has been tried over and over again. It is prohibitively difficult to make an attack like this work.
The only way I know of to change the user's password requires the user to type their password.
Yes, you could use a keylogging-type attack, but sudo does make this prohibitively slow unless you really know what you're looking for. Even if you do, you still have to wait for the user to answer a sudo prompt.
You could theoretically crack the user's password from the password hash, but this is both time consuming and impossible --/etc/shadow is not readable by ordinary users.
Beyond this, you could try a phishing attack -- put up your own sudo-like prompt and hope they bite -- but that's about it.
How would you propose to remedy this situation? Do you switch to another VT or use a magic sysrq key everytime you become root?
In theory, with a lot of work, they could compile Wine for PPC. I believe the Darwine project did this originally.
And run PPC Windows apps.
Since Microsoft doesn't sell a Windows for PowerPC, this makes Wine+PPC wholly useless. It makes sense if you want to recompile your Windows app with Winelib to run on your Mac, but that's also pretty useless -- if you have the app's source, why not port it properly? Why not write a WXWindows app in the first place?
For running an x86 app on a PPC, you need an emulator, not just Wine. I think it may be possible to run a modified qemu that only runs a single app (not a whole OS, thinks it's part of the native OS, etc), and run Wine under that. It would, however, be at least as slow as, say, VirtualPC or qemu anyway.
I'm actually going to try to run wine on a G4, at some point. The plan is to install a Linux and get that working first, then qemu. I believe qemu can emulate a CPU for user-level apps, thus meaning I should be able to run an x86 wine, under qemu, under my ppc Linux. And then run a Windows app under that.
They'll fix it out of pride, and because it's the right way to do it. That's assuming this is actually a flaw -- a buffer overrun or something. For instance, if it's some retard saying "Oh cool, I can install a rootkit by changing a couple of bits here in/dev/kmem", then no, they won't fix it. But if it only requires access to, say, the binfmt_misc filesystem, then it is a bug.
And it's important to remember things like this when you see Symantec, Microsoft, and others trying to spread FUD about Linux security. If anyone cares about this bug at all, even just as a matter of keeping the code neat, it will be fixed -- but it will also drive up the numbers of "Linux exploits patched recently". Always, always, always look at the relative severity of the exploits.
Depends on the friends and the distro, but let's see. Debian prompts you to set up an ordinary user/password, as well as a root password. Gentoo does the same, only via documentation, not an installer. And Ubuntu, the distro most friends would send noob-friends to, does not set up a root password at all -- all root access on Ubuntu has to go through sudo.
Most Windows/IE attacks don't require you to even have local access, let alone root.
From what I understand, without reading TFA (currently slashdotted), all you have to do to prevent this attack is to disable binfmt_misc. I believe the attack is works even if module loading is disabled, so long as binfmt_misc is loaded or compiled in.
Solution: Don't give your chroot jail access to the binfmt filesystem. I'm not sure how this can be done, though, as root is allowed to mount pretty much whatever it wants.
Real solution: Don't bother to compile in binfmt support. The only reason for the kernel to recognize any format other than elf or a.out is to call an interpreter to run that file with elf or a.out. Every shell I know of recognizes the shebang at the beginning of most scripts (perl/python/ruby/bash), and you generally launch programs through the shell. Most people will be running programs from the GUI, where this is even less of a problem -- for the most part, they'll be clicking on icons which contain a command like "perl/usr/bin/foo.pl" or whatever.
However, I'd like to actually read the PDF and find out if I'm right about this. Damn Slashdotting.
You didn't like Heretics, either? I thought there were at least a few things to like:
"Agility!" Lucilla allowed her tone to convey the full weight of a Reverend Mother's outrage. No matter that this might be what Sirafa hoped to achieve, she had to be put in her place! "Agility, you say? I can control genital temperature. I know and can arouse the fifty-one excitation points....
The original was the best, I'll admit, but Heretics was good, and I'm enjoying Chapterhouse well enough.
I have never attempted to use religion to justify any of my positions. It's always a losing proposition because not even practitioners of the same religion can agree on every point.
And yet, you do speak of "redemption".
So what are you using, other than religion, to justify your position on marriage? A dictionary?
I never said that it did. Please stop trying to put words in my mouth.
Fair's fair, you've put at least as many in my mouth: "So when should we round up undesirables for euthanization?"
No such examples exist. That is why you can't think of any.
What is your basis for this belief?
She had severe brain damage and a large portion of her brain tissue had died and was replaced by spinal fluid. That's not the same thing as being completely vegetative with "no brain at all".
How large a portion? I'd say large enough to not be human, by your own definition. According to Wikipedia:
In October 2002, on remand by the Second District Court of Appeal, an evidentiary hearing was held in Judge Greer's court to determine whether new therapy treatments could help Schiavo restore any cognitive function. In preparation for the trial, a new computed axial tomography scan (CAT scan) was performed, which showed severe cerebral atrophy. An EEG showed no measurable brain activity. The court viewed a six-hour tape of Schiavo and concluded that her vegetative condition was factual and not subject to legal dispute.
Emphasis mine.
Even disregarding that, enough of her brain was damaged that I would call her brain-dead:
The long period without oxygen led to profound brain injury ("anoxic-ischemic encephalopathy" noted at autopsy), severely damaging those parts of the brain [4] concerned with cognition, perception, and awareness.
Now, tell me, what is life without cognition, perception, and awareness? I suppose it's theoretically possible that she had dreams of emotion, but certainly there was no "rich inner life". Even if she could be restored to a functioning human, she would not be Terri Schiavo. Terri Schiavo was already dead when the tube was pulled.
At least we agree she was not going to recover. I would say, however, that we were not letting someone die from lack of substinance. Rather, we were letting something die -- an empty shell of a human being, no soul left inside, if you believe in souls. No ghost in this shell.
I'm suggesting that if you believe that it's ever acceptable to euthanize innocent human beings that you are beyond redemption.
All absolute rules are false, including this one. We are not likely to find very many human beings, conscious or not, that I would euthanize. And yet, I'm sure we both have enough imagination to find some examples where it would be inhuman not to.
A soldier. You said innocent, so he is -- this is his first combat experience, and he hasn't fired a shot yet when a grenade takes off both his legs and sends shrapnel through his intestines. A field medic quickly determines that he's going to die a slow, painful death. Meanwhile, the enemy is moving in, so you don't even have time to give him something to dull the pain. He says "Kill me." What do you do?
How far gone does a head have to be before you'll say the person is dead? Twenty years from now, and we're capable of keeping a body alive. Someone's been decapitated, but we've got a computer hooked up to them, touching their nerves, so their heart still beats, and their body is still alive. Again, for the sake of argument, assume they are innocent. Is there any value in keeping them alive? Are ganglia throughout their body enough to claim there's a human mind in there?
A genetic engineering failure. He'll never be capable of reproduction, he's hideous, he needs drugs to surv
Sounds just like me. Yes, I do better than most people on my first draft. I also completely lack revision skills, but I'm getting some practice at that by letting my work sit for a few months or a year until I can't stand it anymore. I can't stand my 15-year-old brother. I certainly can't stand my own writing at 15.
Therein lies the problem. People with an agenda will always find ways to "misunderstand" that which should be crystal clear.
We should still try to find a way to make it crystal clear. If the above is enough to stop us, then by that logic, we should have no laws whatsoever, because someone with an agenda will always find ways to misunderstand them.
Freedom of religion is not freedom from religion. I suspect that you already know this. But in case you do not, the "separation of church and state" crowd most often mentions the establishment clause but they convienently forget the next part that protects "the free exercise thereof".
I think we need to give this some context, because I'm losing the plot. How many religions demand that the state do... um... anything at all? The only place I can think of where "free exercise thereof" did entail changing government is Sharia Law.
There are other, smaller examples. Native Americans have been granted rights to kill endangered animals, for instance -- I can't remember what tribe, but I think it was the Bald Eagle.
However, I fail to see where this relates to what we were talking about. Take marriage: How does having the state recognize your marriage make it any more of a "free exercise" of your religion? Credit ratings, tax breaks, etc -- can you show me these in your scripture? Supposing the state only recognizes your marriage as a "civic union" -- in what way does this restrict your free exercise of religion?
Also, as I understand it, free exercise of religion, like most other freedoms in the US, is limited where it would limit the freedoms of others. Put simply, if the neighbors up the street have a religion that encourages their same-sex union, even (gasp!) calls it a marriage, then having your kind of marriage accepted and theirs rejected is restricting the free exercise of their religion.
This is just as true when it comes to infringing on other basic legal issues. For instance, in your own Bible, you will find that gays must be killed, by the word of the Lord. However, if you kill them, you will rightly be convicted of murder, and no amount of screaming about religion is going to help you as long as we can still call this America.
And certainly, "free exercise thereof" doesn't guarantee the government will help you. The full sentence is something like "Congress will pass no law prohibiting a religion or the free exercise thereof..."
Not everyone who is raped or murdered in prison is a murderer. I'd be willing to bet dollars to donuts that murderers are less likely to be victimized than non-violent inmates.
Which is why I suggest that people we would ordinarily put on death row should be separated from everyone else.
I'll bet most of them would rather be alive and raped than dead.
I'd take that bet.
You'd give up that quickly? Where there is life, there is hope. (And of course, you won't give up on that "baby".)
Alright, try this: Assume the victim is innocent. Evidence could theoretically be uncovered that would set him free. Once free, I'll bet they'd be glad to be alive.
Now, assume the victim is guilty. In this case, punishment is not supposed to be fun. I am not condoning rape, but I would suggest that the damage done to society here is minimal -- it hurts people who would otherwise be long dead by now, and who will never be released back into society.
You can't come up with any specific examples because none exist.
Wow. Just wow. You never studied any philosophy, did you?
I feel completely confident taking this out of context here. That I can't come up with any specific examples does not, ever, mean that I can be sure none exist.
Or maybe I should put this into a context you'll hate: Does God exist and perform miracles? You can't
I don't do second drafts. I have never been published, because I rarely finish first drafts of anything long enough.
The reason I don't do second drafts is not out of shame. It's directly related to my writing style. I give myself a good keyboard, maybe some caffeine (or maybe not), and a half hour or an hour of time to kill, and I just write. Stream of consciousness. Brain to text file.
Between revising on the fly, much the same way I might correct a typo while touch-typing (actually typed "whil ", then backspaced and added the silent 'e' there), pauses for introspection, and small revisions on a first read-through, that particular piece of writing gets about as good as it's going to. I may make incremental improvements, rewriting a paragraph at a time, inserting something here, ripping out something there, but usually nothing significant.
I suspect this is either because of some subtle and psychological fear of screwing up my work (thank God for version control), or simply that this has always been my style, and I have never been good at massive revisions.
If I could write the way I program, I might have two or three drafts, but that's it. Maybe even less -- I suddenly have this urge to prove the grandparent wrong by publishing a first draft.
It's at least as accessible to me as Pro Tools. I can't speak for Reason or Cubase, but Pro Tools wasn't too obvious. Are you sure you aren't just used to these tools?
UAC does not require ctrl+alt+del, does it? I already said: unbindable key combination. Also, everything but the password dialog should be blanked out.
As it is, UAC can probably be defeated by spawning a fake dialog, asking for a password, then using that password to gain full access -- not to mention any other services they use the same password for.
Kind of like how running as a user is not that much more secure than running as root, if your su password can be intercepted.
One more problem: You can't simply have the dialog go away if the password is entered correctly; there must be some sort of confirmation that the user is trained to look for, and it must be displayed (always on top). Otherwise, an app could just swoop in after the UAC dialog and tell you that you've mistyped your password.
A simple solution for Linux would look like this: App sends request to sudo server. Sudo server alerts user through a system tray icon or other notification. User presses ctrl+alt+f8, which switches to another VT where the sudo server has launched a dialog. (Switch should be fast enough or obvious enough that an app has zero chance of winning any kind of race.) User clicks allow or deny, and the sudo server switches the user back to VT 7 and their normal X session.
I don't think ctrl+alt+f8 can be intercepted by X apps, and I know a normal user can't switch terminals -- you have to be root for that. Thus, this would provide quick and painless escalation, without even requiring a password. The real challenge will be representing the requests accurately and simply enough that the user won't be confused.
I don't think it is possible for any system to be secure without something that drastic to tell you you're talking to root now. Otherwise, what's to stop the program from "clicking" the "allow" button? What's to stop the program from popping a window in front of it, with some sort of control lined right up with "allow" in the UAC dialog, but the control is actually a hole in the window? I believe Windows does allow you to click through holes in oddly-shaped windows.
Yes, that would allow me to run OS X and Linux simultaneously, which is kind of what I want, but I doubt I'd boot it much if I had Linux working well enough to try. There aren't many Mac-only apps I need, and if there were, I'd hate MOL because of no GL acceleration for OS X.
Sadly, while my wireless seems mostly OK, I'm still having huge issues with my trackpad.
There actually is something called sysrq, which might concievably be used to create this functionality. Ctrl+alt+backspace isn't it. You may be thinking of ctrl+alt+fn, where n is a number from 1-12. That would actually be useful, but that isn't quite the password prompt I was looking for. I'd rather have it not be a password prompt, simply a dialog box that truthfully represents which app it is and what it's trying to do.
And no, this can't simply be done with another X server. Another X server may be a useful component -- emphasis on "may", since it would flicker the screen annoyingly, but fast user switching on Linux does that too -- but we need programs to be able to send requests to some sort of sudo server, which then prompts the user (on the other terminal) with exactly what was requested and which app requested it, and allow the user to set policies.
It would be more useful if the window manager (being the first X client started, thus sort of an X version of init) could guarantee that a particular keystroke will never be caught by another app.
Actually, Vista seems closer to being able to do this, but I don't think they require a keystroke.
This has got to be the most obnoxious thing people do on Slashdot. Yes, I got the joke. It was funny, I laughed. My comment is also actually relevant to the discussion.
But still faster than running Windows under qemu. Also, if OpenGL worked (also a big if), I could play games which are graphically intensive but light on the CPU.
And it was a pretty old game I wanted to make this work for.
If you assume Average Joe doesn't get even the least suspicious when something asks him for a password, then Average Joe is doomed.
Think about it. Average Joe will demand admin access in order to change settings and install software. So we have to choose between removing that access entirely (so there's no password for Joe to type), or praying that Joe is smart enough to realize he's giving something admin access.
Really, can you possibly think of a solution to this kind of stupidity? Hell, I could simply craft a website -- maybe a Flash page -- that looks just like the Ubuntu password prompt. That way, I don't even need local user access.
I say this solution is reasonably secure because we don't really have anything more secure. Kind of like how Democracy sucks, but it's also the best we've got.
It used to be risky. Password hashes used to actually be stored in /etc/passwd, where anyone could read your password hash. If there was a weakness in the hash algorithm, or your password was particularly short, they could brute-force it that way -- hence, "time consuming".
/etc/shadow.
On most modern systems, it is also impossible, because the actual password hashes have been moved to
If you are root, you can still attempt to brute-force them -- which would be time-consuming and almost never has a point. If you're hoping they use the same password elsewhere, you can simply install a keylogger -- which is assuming you weren't smart enough to do that when they first set their password. If you simply need access to their account, you can su in. If you need to reset their password, you can do that as root without knowing the original password.
Which means that this whole system is about as exploitable as an "exploit" which gives you root access, but which only works if you're already root.
My copy of TFA won't be done downloading for another 15 mins, so I'll take your word for it. Just checking, though: Does this exploit require you to be able to insert a custom module? Or does it simply require binfmt_misc?
If it's an "exploit" resulting from inserting a custom module, then I doubt anyone will change anything, because this is not a vulnerability.
As someone else mentioned, Linspire has not done this in a long time. In fact, I believe they've never actually released a stable version that ran as root. They just (quite retardedly) went around claiming that running as root was secure, in defense of what they did once, in a development version, likely never seen by Average Joe.
If that's the goal, Average Joe can fire up Ubuntu, right now. Ubuntu never tells the user anything about root, but requires the user to enter their own password occasionally, so that sudo can grant privileges to change critical system settings, install software, etc. This is the same model OS X uses, yet Ubuntu is more secure, because installing new apps does not necessarily require downloading and executing unverified executables.
Why should a secure system never allow a process to increase privileges? I think we just need a secure way to make sure the user knows exactly what's going on every time a process attempts to. For instance -- I think there's a word for this -- create an unbindable key combination, and every time you see a security prompt, press that to make sure it's valid. Or use it to enter your password. Or better -- have a completely separate UI, accessible through said unbindable key combination, so security prompts now tell you "press ctrl+alt+del, then give us access".
/etc/passwd and /etc/shadow you should be allowed to change.
And of course, not all setuid is evil. Look at passwd -- it becomes root, but it knows who you were, and exactly what areas of
This argument has been tried over and over again. It is prohibitively difficult to make an attack like this work.
/etc/shadow is not readable by ordinary users.
The only way I know of to change the user's password requires the user to type their password.
Yes, you could use a keylogging-type attack, but sudo does make this prohibitively slow unless you really know what you're looking for. Even if you do, you still have to wait for the user to answer a sudo prompt.
You could theoretically crack the user's password from the password hash, but this is both time consuming and impossible --
Beyond this, you could try a phishing attack -- put up your own sudo-like prompt and hope they bite -- but that's about it.
How would you propose to remedy this situation? Do you switch to another VT or use a magic sysrq key everytime you become root?
I don't know if Wine has implemented ASIO (as on Windows), but it does have a Jack backend.
Regarding music studio software, why not just use a free one for Linux in the first place?
In theory, with a lot of work, they could compile Wine for PPC. I believe the Darwine project did this originally.
And run PPC Windows apps.
Since Microsoft doesn't sell a Windows for PowerPC, this makes Wine+PPC wholly useless. It makes sense if you want to recompile your Windows app with Winelib to run on your Mac, but that's also pretty useless -- if you have the app's source, why not port it properly? Why not write a WXWindows app in the first place?
For running an x86 app on a PPC, you need an emulator, not just Wine. I think it may be possible to run a modified qemu that only runs a single app (not a whole OS, thinks it's part of the native OS, etc), and run Wine under that. It would, however, be at least as slow as, say, VirtualPC or qemu anyway.
I'm actually going to try to run wine on a G4, at some point. The plan is to install a Linux and get that working first, then qemu. I believe qemu can emulate a CPU for user-level apps, thus meaning I should be able to run an x86 wine, under qemu, under my ppc Linux. And then run a Windows app under that.
They'll fix it out of pride, and because it's the right way to do it. That's assuming this is actually a flaw -- a buffer overrun or something. For instance, if it's some retard saying "Oh cool, I can install a rootkit by changing a couple of bits here in /dev/kmem", then no, they won't fix it. But if it only requires access to, say, the binfmt_misc filesystem, then it is a bug.
And it's important to remember things like this when you see Symantec, Microsoft, and others trying to spread FUD about Linux security. If anyone cares about this bug at all, even just as a matter of keeping the code neat, it will be fixed -- but it will also drive up the numbers of "Linux exploits patched recently". Always, always, always look at the relative severity of the exploits.
Depends on the friends and the distro, but let's see. Debian prompts you to set up an ordinary user/password, as well as a root password. Gentoo does the same, only via documentation, not an installer. And Ubuntu, the distro most friends would send noob-friends to, does not set up a root password at all -- all root access on Ubuntu has to go through sudo.
Most Windows/IE attacks don't require you to even have local access, let alone root.
From what I understand, without reading TFA (currently slashdotted), all you have to do to prevent this attack is to disable binfmt_misc. I believe the attack is works even if module loading is disabled, so long as binfmt_misc is loaded or compiled in.
Name one.
I can name a user friendly distro that has SELinux enabled by default: Fedora.
For instance, lock it away in a chroot jail.
/usr/bin/foo.pl" or whatever.
Solution: Don't give your chroot jail access to the binfmt filesystem. I'm not sure how this can be done, though, as root is allowed to mount pretty much whatever it wants.
Real solution: Don't bother to compile in binfmt support. The only reason for the kernel to recognize any format other than elf or a.out is to call an interpreter to run that file with elf or a.out. Every shell I know of recognizes the shebang at the beginning of most scripts (perl/python/ruby/bash), and you generally launch programs through the shell. Most people will be running programs from the GUI, where this is even less of a problem -- for the most part, they'll be clicking on icons which contain a command like "perl
However, I'd like to actually read the PDF and find out if I'm right about this. Damn Slashdotting.
You didn't like Heretics, either? I thought there were at least a few things to like:
The original was the best, I'll admit, but Heretics was good, and I'm enjoying Chapterhouse well enough.
And yet, you do speak of "redemption".
So what are you using, other than religion, to justify your position on marriage? A dictionary?
Fair's fair, you've put at least as many in my mouth: "So when should we round up undesirables for euthanization?"
What is your basis for this belief?
How large a portion? I'd say large enough to not be human, by your own definition. According to Wikipedia:
Emphasis mine.
Even disregarding that, enough of her brain was damaged that I would call her brain-dead:
Now, tell me, what is life without cognition, perception, and awareness? I suppose it's theoretically possible that she had dreams of emotion, but certainly there was no "rich inner life". Even if she could be restored to a functioning human, she would not be Terri Schiavo. Terri Schiavo was already dead when the tube was pulled.
At least we agree she was not going to recover. I would say, however, that we were not letting someone die from lack of substinance. Rather, we were letting something die -- an empty shell of a human being, no soul left inside, if you believe in souls. No ghost in this shell.
All absolute rules are false, including this one. We are not likely to find very many human beings, conscious or not, that I would euthanize. And yet, I'm sure we both have enough imagination to find some examples where it would be inhuman not to.
A soldier. You said innocent, so he is -- this is his first combat experience, and he hasn't fired a shot yet when a grenade takes off both his legs and sends shrapnel through his intestines. A field medic quickly determines that he's going to die a slow, painful death. Meanwhile, the enemy is moving in, so you don't even have time to give him something to dull the pain. He says "Kill me." What do you do?
How far gone does a head have to be before you'll say the person is dead? Twenty years from now, and we're capable of keeping a body alive. Someone's been decapitated, but we've got a computer hooked up to them, touching their nerves, so their heart still beats, and their body is still alive. Again, for the sake of argument, assume they are innocent. Is there any value in keeping them alive? Are ganglia throughout their body enough to claim there's a human mind in there?
A genetic engineering failure. He'll never be capable of reproduction, he's hideous, he needs drugs to surv
Sounds just like me. Yes, I do better than most people on my first draft. I also completely lack revision skills, but I'm getting some practice at that by letting my work sit for a few months or a year until I can't stand it anymore. I can't stand my 15-year-old brother. I certainly can't stand my own writing at 15.
We should still try to find a way to make it crystal clear. If the above is enough to stop us, then by that logic, we should have no laws whatsoever, because someone with an agenda will always find ways to misunderstand them.
I think we need to give this some context, because I'm losing the plot. How many religions demand that the state do... um... anything at all? The only place I can think of where "free exercise thereof" did entail changing government is Sharia Law.
There are other, smaller examples. Native Americans have been granted rights to kill endangered animals, for instance -- I can't remember what tribe, but I think it was the Bald Eagle.
However, I fail to see where this relates to what we were talking about. Take marriage: How does having the state recognize your marriage make it any more of a "free exercise" of your religion? Credit ratings, tax breaks, etc -- can you show me these in your scripture? Supposing the state only recognizes your marriage as a "civic union" -- in what way does this restrict your free exercise of religion?
Also, as I understand it, free exercise of religion, like most other freedoms in the US, is limited where it would limit the freedoms of others. Put simply, if the neighbors up the street have a religion that encourages their same-sex union, even (gasp!) calls it a marriage, then having your kind of marriage accepted and theirs rejected is restricting the free exercise of their religion.
This is just as true when it comes to infringing on other basic legal issues. For instance, in your own Bible, you will find that gays must be killed, by the word of the Lord. However, if you kill them, you will rightly be convicted of murder, and no amount of screaming about religion is going to help you as long as we can still call this America.
And certainly, "free exercise thereof" doesn't guarantee the government will help you. The full sentence is something like "Congress will pass no law prohibiting a religion or the free exercise thereof..."
Which is why I suggest that people we would ordinarily put on death row should be separated from everyone else.
You'd give up that quickly? Where there is life, there is hope. (And of course, you won't give up on that "baby".)
Alright, try this: Assume the victim is innocent. Evidence could theoretically be uncovered that would set him free. Once free, I'll bet they'd be glad to be alive.
Now, assume the victim is guilty. In this case, punishment is not supposed to be fun. I am not condoning rape, but I would suggest that the damage done to society here is minimal -- it hurts people who would otherwise be long dead by now, and who will never be released back into society.
Wow. Just wow. You never studied any philosophy, did you?
I feel completely confident taking this out of context here. That I can't come up with any specific examples does not, ever, mean that I can be sure none exist.
Or maybe I should put this into a context you'll hate: Does God exist and perform miracles? You can't
I don't do second drafts. I have never been published, because I rarely finish first drafts of anything long enough.
The reason I don't do second drafts is not out of shame. It's directly related to my writing style. I give myself a good keyboard, maybe some caffeine (or maybe not), and a half hour or an hour of time to kill, and I just write. Stream of consciousness. Brain to text file.
Between revising on the fly, much the same way I might correct a typo while touch-typing (actually typed "whil ", then backspaced and added the silent 'e' there), pauses for introspection, and small revisions on a first read-through, that particular piece of writing gets about as good as it's going to. I may make incremental improvements, rewriting a paragraph at a time, inserting something here, ripping out something there, but usually nothing significant.
I suspect this is either because of some subtle and psychological fear of screwing up my work (thank God for version control), or simply that this has always been my style, and I have never been good at massive revisions.
If I could write the way I program, I might have two or three drafts, but that's it. Maybe even less -- I suddenly have this urge to prove the grandparent wrong by publishing a first draft.