As long as you have people admining their own boxes at home, you can never protect against these attacks. Any measures you take will restrict my absolute and total control over my own computer, which is what makes linux so attractive in the first place.
I do not see how the measures I propose limit control, considering that all choices are made by the administrator and not by any outside central authority. Care to clarify, or give an example?
Then again. How do you get a user that doesn't understand that security patches don't spread via mail, to install those programs?
You can't. That's exactly why they should be part of the OS environment.
And allowing only registered executables to run is a bad thing. Who should decide? Microsoft?
No, the user. I'm not talking about a central authority a la driver-signing. I'm talking about leaving that to the user. Does he want to give full network permissions to a shareware game he downloaded? No (with a bold "Recommended" next to it). I hope I made myself clear now.
Yes, but when this kind of thing happened on Windows, it was Windows' fault for not having the proper security mechanisms to stop it. The difference is that Windows will set up all users as administrators, true, but running as a plain user can be very bad too. The fact is, neither of the OSes provides (by default, at least) substantial protection from such attacks.
Allowing only registered executables to run could be set up to prevent such things. Microsoft signs their patches and programs too, but no regular user will ever check.
Incorporate such functions in the OS or GUI. Harass the user whenever an executable or shared library is introduced to the system: "Here are the certifications, do you trust this?"
Limiting permissions up to the user level is not enough anymore: VM based environments such as Java and .NET have program/assembly-based security systems. But although the technology exists, it is very poorly handled, at least in the .NET front where I am experienced: There is no simple wizard to set up settings the way you want them, there is no popup dialog asking you how much you trust this executable and which permissions it should get. Such technology could go a long way in preventing such ridiculously simple attacks from succeeding in the future.
First time I saw a similar feature was in Kerio Personal Firewall, which would ask every time a new program would attempt to connect somewhere, or have something connect to a port it opened. It was simple and effective, and the 'harassment' was more than worth it (SP2 does something similar, but it's flawed*).
In conclusion. I want to say that I believe if all people had:
1) Startup Monitor - Painfully simple, no one should be without it.
2) Kerio Personal Firewall, or equivalent
3) An executable monitor as described above,
the *real* reasons for Windows' pathetic security record would be no more. Never mind those vulnerabilities: I could give you a .exe that would delete all your documents, and you have but to click on it (I swear it decrypts HL2 from the Steam files :-) The same, of course, applies to Linux.
* SP2 tells you when an executable tries to connect, and waits for you to decide if you want to block it, but it *does* allow the connection to work until you decide what to do with it. Furthermore, I'm not sure if it can tell if an executable was replaced with a compromised version (Kerio has MD5 hashes)
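Added example, not part of the original comment or of any product named in it: a minimal sketch of the per-executable trust prompt the post describes, where the user's decision is bound to the file's hash so a replaced binary triggers a new prompt. The `ExecMonitor` class and its JSON store are hypothetical, SHA-256 is used in place of the MD5 hashes mentioned for Kerio, and anything without an explicit "allow" is blocked while the decision is pending.

```python
import hashlib
import json
import os
from pathlib import Path


def sha256_file(path):
    """Hash file contents in chunks so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ExecMonitor:
    """Hypothetical user-owned trust store: path -> {sha256, decision}."""

    def __init__(self, db_path):
        self.db_path = Path(db_path)
        self.db = json.loads(self.db_path.read_text()) if self.db_path.exists() else {}

    def status(self, path):
        """Return 'new', 'changed', 'allow' or 'deny' for one executable."""
        entry = self.db.get(str(path))
        if entry is None:
            return "new"
        if entry["sha256"] != sha256_file(path):
            return "changed"  # same path, different bytes: ask the user again
        return entry["decision"]

    def permitted(self, path):
        """Fail closed: only an explicit, still-valid 'allow' lets the file run."""
        return self.status(path) == "allow"

    def decide(self, path, decision):
        """Record the user's answer, bound to the current file contents."""
        if decision not in ("allow", "deny"):
            raise ValueError("decision must be 'allow' or 'deny'")
        self.db[str(path)] = {"sha256": sha256_file(path), "decision": decision}
        self.db_path.write_text(json.dumps(self.db, indent=2))

    def pending(self, directory):
        """List executables under directory that still need a user decision."""
        found = []
        for root, _dirs, files in os.walk(directory):
            for name in sorted(files):
                p = os.path.join(root, name)
                if os.access(p, os.X_OK) and self.status(p) in ("new", "changed"):
                    found.append(p)
        return found
```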
I'm not entirely convinced either, but your post sounds as if you paused your typing to go yell at kids to get off your lawn or something. Why are you so pessimistic? What if Nintendo shows that some games are much better in two screens? What if we see the birth of a new genre? Thinking outside the box results in many failures and stupid concepts. Does that mean we should stop and stay where we are?
Can you name a feature in linux that stops the installation of a second software package, while the first is being installed under instructions from the user? Can you name a feature that can make the distinction?
Too bad the mass media did not think of that when given the press release.
As opposed to slashdot, a large group of tech-savvy and generally intelligent people, which *should* be able to look through the scam. Some suspected, but none went to the trouble of looking into it. This is not a criticism of slashdot or an insult to slashdotters, but if we didn't bother, why should the less knowledgeable (on the subject) mass media? If a company makes a press release, it is considered true, that's common behaviour.
Not at all. It's just a ridiculous setup for Slashdotters all over the world to show how (un)funny they can be. Even the few anti-MS jokes which are actually still funny, seem pathetic in the context of such a self-pleasuring 'topic'.
Or maybe the submitter thought he was being original. I doubt it, though.
Well I think instant content based searches was a big point of WinFS. I don't follow it too much though. I'm a newly converted mac guy myself.
That's pretty much WinFS, yeah. Problem is, only a beta will be shipped with Longhorn, which is a huge disappointment for what's supposed to be launched in 2 years. WinFS was the highlight of the useful things of Longhorn from the user perspective.
Re:Flaws in both Languages on Java 1.5 vs C# · Score: 1
Java is 'open source'. Everything: JDK classes and the virtual machine, all are there for everyone to see. Sun owns the Java trademark and is in control of what language features are in and what are out.
I am under the impression that they aren't. There exists an open-source implementation of Java, but the virtual machine and SDK provided by Sun do not have the source with them, and it is generally not available. Sun rejected the pleas of the open source community to open-source Java (link)
.NET is not open source. Correct me if I'm wrong but I think that the CLR source isn't available. C# is a standardized language. That means that 'theoretically' other parties can influence the direction of the language in the future.
Correct, the MS .NET implementation is not open-source. But as is the case with Java, the SDK and compiler are free and open-source implementations such as Mono are not fought against. In fact, one can argue that Microsoft is more open-source-friendly: The language and CLI are standardized, which makes the life of compiler programmers easier (for example, Mono already has many C# 2.0 features, even though MS's own 2.0 compiler is still in beta). Also Microsoft provides a Shared Source-licensed implementation of .NET called Rotor.
Why was this modded funny? That's exactly how you're supposed to work if you want a Debian system that has what you want and nothing else.
If you don't check the 'Desktop Environment' set of packages near the end of the installation routine, you'll find yourself in a very bare Debian installation. Then, proceed with installing gnome/kde, X, and your favourite editors. Work with the system until you find something missing, then just use synaptics or whatever to install it, it'll take care of the dependencies.
Alternatively, you can install 'Desktop Environment' and work backwards by removing stuff. More likely to work without any problems, but it's tedious.
Didn't know about the installfest. Maybe I should go. I moved here less than two months ago (freshman) so meeting people is something I want to do. I'll look into it.
I'm in Tempe, and I live in an apartment complex. Right now I'm getting signals from 11 APs, other than my own. Only two of them have some kind of encryption. I think of them as a safety cushion if my connection goes haywire :-)
But while I was in class (in ASU) two days ago, I got signal from an AP with SSID 'WAZTempe'. Is this an official city-wide network (or an attempt at it?) Anyone from around here who knows about this?
Sure, people will always buy the best and newest, but I think that fewer people share this attitude now. I'm not talking about maturing and realising that you don't need the best that's out there; But I noticed something my geek friends and I shared: Our love for Pentium 200's. We have all agreed, without someone convincing us, that the 166-300 MHz age was the golden era of desktop PCs. Sufficiently tweaked, they will still perform well for most tasks one needs to do, and still have some room for fun.
My 16-year old brother recently 'catched' the P200 love flu, and will only use the P4 for UT2k4; for all other purposes, the MMX with 192MB of RAM and the 8GB hard disk is what he uses, but kept absolutely clean, defragmented, updated and optimized for optimum Pentium 1 Power ;-) It performs extremely well for its age, and comfortably runs Windows 2000.
Maybe computers will become like cars in the end, and we will change them as often as we change cars. Probably not, but I'm sure more and more people will eventually learn to prefer obsessing on tweaking old hardware than buying new, just like cars.
(Looks like, when they were "bringing in the big guns", IBM brought in the biggest gun there is.)
Actually in the previous SCO story, the article mentioned Brian Kernighan testifying for IBM. Now *that's* the biggest gun there is. Makes you wanna see the look of all the SCO software engineers who work to make a credible argument in court when they come face to face with the guy whose books taught them how to program.
This is some funny shit. You (or someone) needs to record this. Damn you're good.
Suddenly, this seems a lot closer to reality.
The Three Laws of Robotnik's?
Do you mean they should
1) Have an obvious weak spot
2) Move in a predictable preprogrammed manner
3) Have an indestructible escape pod?
Considering that the product was freely available to rich and poor alike, it's more like charging for air. A plain old scam in other words.
The man confessed to have uttered "How can things get any worse" a second before the satellite crashed into his house.
Actually, his "Incoming Slashdotter" Java Pop up indicates he's fairly well prepared.
If you build it, they will come indeed.
And Ender.
Will you people stop with the "Nothing to see here" thing? It's getting very tiring, and most of the time it doesn't mean anything.
Gamecube made most their profits off of Nintendo's own games. Nintendo is just looking for some more market share.
*gasp* Conspiracy! Capitalism!
Seriously, I don't see what this has to do with the subject. Care to enlighten me?
It's on this month's Dr. Dobb's too.
Anyone else notice that last year's contestants already worked out the SCO/IBM case in this task? :-)
Yep, that was one of our tasks last year, and yep, it's an IBM/SCO reference.