That's why you're always told to use /bin/su rather than just typing su. They can change your .bash_profile to have your PATH pointing to trojan versions, but they can't get /bin/bash to execute something other than /bin/su when that's what you type, and they can't change /bin/su.
Once they have control of a process with your uid, none of this does any good. If all else fails, I think it should be possible to read and write bytes to arbitrary offsets in any process with the same uid with ptrace(2).
A determined attacker can probably get the root password somehow, but it makes it far harder, which is all you can hope for with security - make it so it's not worth an attacker's while to crack your system.
I'd expect all of this to be simpler than the original stack smasher they used as the local exploit....
Unless the user has . in his/her PATH the attacker will not be able to "replace" any programs like the sh. The attacker cannot log keyboard strokes or sniff the tty without root privileges. Hence if your system is set up in a good manner the attacker cannot just get the root password.
Oh, come on. The "." in PATH trick is just one of a billion tricks they could use. Off the top of my head:
They could *add* "." to your PATH, even if you don't have it there already.
They could use shell aliases to remap common commands.
They could intercept library calls with LD_PRELOAD tricks.
I know nothing about X, but I can't believe it would be that hard to get your own X session to intercept keystrokes for you.
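An added example, not part of the original comment: a POSIX shell audit for the shadowing tricks listed in the comment above ("." in PATH, aliases over common commands, LD_PRELOAD). The function names, the watched command list and the trusted-directory list are assumptions.

```shell
#!/bin/sh
# Added example: audit a login environment for command shadowing.
# Function names, WATCHED and the trusted directories are assumptions.

WATCHED="su sudo ssh passwd"

# Print one finding per risky PATH entry: empty or "." (both mean the
# current directory), relative paths, and world-writable directories.
path_findings() {
    rest="$1:"            # trailing colon so the last entry is processed too
    idx=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        idx=$((idx + 1))
        case "$entry" in
            ""|.) echo "entry $idx: current directory in PATH" ;;
            /*)
                if [ -d "$entry" ]; then
                    # -L follows symlinks such as /bin -> usr/bin
                    mode=$(ls -ldL "$entry" | cut -c1-10)
                    case "$mode" in
                        ????????w*) echo "entry $idx: world-writable: $entry" ;;
                    esac
                fi ;;
            *) echo "entry $idx: relative path: $entry" ;;
        esac
    done
    return 0
}

# Print the first executable named $1 found by walking PATH value $2,
# the way the shell resolves an unqualified command name.
resolve_in_path() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Report watched commands that resolve outside the system directories.
shadow_findings() {
    for cmd in $WATCHED; do
        hit=$(resolve_in_path "$cmd" "$1") || continue
        case "$hit" in
            /bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*) ;;
            *) echo "$cmd resolves to $hit, outside the system directories" ;;
        esac
    done
    return 0
}

# Read `alias` output on stdin (bash prints "alias su='...'", dash prints
# "su='...'") and report aliases that override a watched command.
alias_findings() {
    while IFS= read -r line; do
        line=${line#alias }
        name=${line%%=*}
        case " $WATCHED " in
            *" $name "*) echo "alias overrides $name: ${line#*=}" ;;
        esac
    done
    return 0
}

# Report a non-empty LD_PRELOAD value passed as $1.
env_findings() {
    if [ -n "$1" ]; then
        echo "LD_PRELOAD is set: $1"
    fi
    return 0
}

# Run every check against the current shell's own state.
audit_session() {
    path_findings "$PATH"
    shadow_findings "$PATH"
    env_findings "${LD_PRELOAD:-}"
    alias | alias_findings
}
```

Source the file into the interactive shell under review and run `audit_session`, since aliases exist only there. As the thread itself points out, a clean result obtained from inside an account that is already compromised proves little.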
A virus will run with the permissions of the user who starts it.
Right. But if that user su's to root on a regular basis (as will be the case if it's the only user on a single-user desktop--they need to upgrade every now and then...), then escalating to root privileges will be trivial.
I would much rather compromise only my data than have someone gain access to the entire system.
On a single-user desktop, once you've compromised the account of that one user, it should be trivial to get root--eventually they'll need root privileges to do an upgrade or something, and then you should be able to sniff their password.
Any exploitable program you run as another user will still need a local escalation exploit in order to do anything harmful. Running something like apache as root, and any vulnerability in programs such as phpMyAdmin will make your whole server go poof.
He's not talking about daemons--presumably apache, mysql, etc. are still run as a separate user under Linspire, as they are in Debian. There's no reason to change that, since those users don't have usernames that people need to enter.
He's talking about the user account that's used by the real physical user of a desktop system.
In that case, no local exploit is needed--the attacker either uses sudo, or just sniffs the password the next time the user uses su (or whatever graphical equivalent pops up next time they try to upgrade some software).
rm -Rf / as nonroot will make you give a sigh of relief. As root will be your nightmare.
For all the talk about it, I don't think I've ever actually known anyone to do the classic accidental rm -Rf / as root. Although I have heard of somewhat similar catastrophes. I doubt the typical gui/finder-like interface makes this so easy, but perhaps I'm wrong. In any case, as he points out, in the case of a single-user desktop, the most important data is in /home/joeuser. Once "joeuser" has deleted that, they're almost back to square one anyway.
Yes, write your representative, tell him he's lost a vote.
There's no need to make any threats; it's implicit that if you're sufficiently annoyed to write, then you'll also be paying attention to how they vote. Just explain what position you think they should take, on which bill, give a simple argument, say thanks, and say that you'd like to know their current position. Make sure they have your name and address so they can reply and so they know you're a constituent. The letter will be read by some random volunteer/intern/whatever, who will read it, do some data entry, and maybe decide which form letter they should send back--make life easy for them by making sure you've got the bill number right and the desired vote (yes/no).
If you make your point particularly well, have some very interesting personal story, whatever, it might be passed up to someone higher up in the office. They probably get vast quantities of mail, so you can't necessarily expect a lot of personal attention. But at the least you'll probably get counted as a constituent with a certain position.
If you get in trouble for hacking hardware, the feds get involved and media spin generally makes you look like a criminal.
Really? Doubtless there's some way to spin "Sony sues Geek who figures out how to do something cool with PSP", but to me, from a public relations point of view, it looks most likely to be a loss for Sony....
If people know this, then why do they hack it? It is like having a law against speeding. I like to speed. I do it from time to time. But I HATE getting a ticket, having my insurance jump up, and being harassed by the police.
The difference is that hacking the (PSP|XBox|whatever) is cooler than speeding. People probably disagree about the numbers, but most would agree that going too fast for conditions *should* be illegal. Whereas the opposite is probably true for hardware hacking. So if you get in trouble for hardware hacking, maybe you become a folk hero and help change some policy. If you get caught for speeding you probably just feel embarrassed.
and by law, UPS and Fedex cannot send first class mail. So what that means is that you have to pay more for a service the government provides because it doesn't give you a choice. It's either the government's service or no service at all.
So what? All I want is a cheap, reliable service. Looks like I've got that....
However, local governments don't have the same incentives to provide good service at low cost.
OK, *you* volunteer to answer the phones at your city councilperson's office the next time a router goes down.
I would hope that this would still allow private companies to compete.
I don't see why not. But I also don't see that the private companies who own the most extensive already-established last-mile networks (and, sometimes, the content distributed over those networks too!) have the right incentives either....
Let's see, SanFran wants to regulate web logs, and people are cheering a law that lets cities install government-controlled WiFi networks to drive the "greedy" private companies out of business....
Not to mention the fact that the FBI can hack a wireless net in 3 minutes, so they'd never need to get a wiretap order to watch what you do...
Why wouldn't they? (An honest question--is a government-run service somehow exempt from wiretap orders?)
Also, if anything I'd think that a government-owned network would be *harder* for the government to censor, since the first amendment applies more directly to the censorship performed by a government agency than it does to, say, censorship performed by a private company to avoid a suit from a customer under stupid decency law.
Censorship. Once this municipality has the power to decide what you can and can't view on the internet, do you really think that it would never be abused? Some religious group will donate large amounts of money to a campaign, and the politician will have to repay that group with censorship legislation.
So why couldn't they pass legislation that made ISPs liable for "offensive" content distributed on their networks? I'm no first amendment expert but, if anything, I'd've thought that it would be *easier* for the government to censor in that way than by directly censoring their own networks.
As for the static ip/port blocking issue--currently the major commercial providers (local cable and phone companies) seem mostly to be doing a pretty dismal job of providing raw IP service--you may be able to buy "business-class" service at double or triple the price of regular residential service, but the basic residential service has draconian terms of use. As far as I can tell, the only reason I'm currently able to get competitively priced service from a more reasonable ISP is because of government regulations forcing the phone companies to provide access to competitors.
So I'm a little skeptical as to the private sector's ability to solve the problems you're worried about. But of course, my real concern is with solving those particular problems--I'm very concerned about them too!--so I welcome real evidence (as opposed to libertarian dogma...) that supports any particular solution.
You've probably never heard of 95 percent of the bands that have signed on to a record label.
It's also worth noting that you've almost certainly never heard of 99.99% of the successful musicians out there. Where by "successful" I mean, they make a living, and enjoy and excel at what they do.
If your primary goal is to "make it big", or become "famous"--well, I think your priorities are weird, but I also think you're setting yourself up for disappointment....
Does this just follow the schedule and add a bit to appease you? Or does this actually track the busses and calculate in real time based upon the driver's habits, road conditions, speed, etc. how long it will take to get there?
Ann Arbor's busses all have GPS, and you can see displays of the real-time bus-location data in their main bus station. I keep hoping they'll set up some kind of internet access to that data some day. The ability to check bus locations anywhere from a cell phone would be really great.
I think you're making some huge generalizations here based on very little evidence.
How's that? He's basically described the essence - and purportedly primary advantage - of Open Source development.
What do you think the "purportedly primary advantage of Open Source development" is? I always thought it was that it produced open source software.... I don't like having to agree to a bunch of ludicrous proprietary licenses just to use my computer, thanks.
As for the "huge generalizations based on very little evidence", you're right, I'll take that back: strike "very little", replace that by "no"....
Actually if you read the comments, you'll notice that the HTML4 spec specifically says that rel="next" may be used for prefetching. So Mozilla is simply following the spec here.
Well, I'd describe that as a bug in the spec. (In any case, there's a reason it says "may be used" and not "should"--and "simply following the spec" is no excuse for implementing something optional and dumb.)
But you're right, "never intended to be used" was probably too strong. Maybe "never should have been used" would have been better.
None of this, of course, is particularly relevant to the google case, since they're using "prefetch", not "next".
Prefetching is one of those things that seems like a really great idea on paper, but doesn't hold up so well in practice.
The page you cite in support appears to be an argument specifically against prefetching pages with the rel=next attribute. As you say:
The problem is that you have things like 'rel=next' that expect the user to go to some next "logical" page, but no structure to a site to encourage that logic.
That's a flaw in firefox's prefetching logic, not in site-designers' use of rel=next, which was never intended to be used to indicate links the user was most likely to follow.
In any case, google is actually using rel="prefetch", which *is* intended for that purpose. And google's use looks pretty sensible: "This tag is only inserted when it is likely that the user will click on the first link." From experimenting it appears that it's only used on some searches; e.g. the example they give is the first hit on a search for "stanford". So presumably they have fairly good evidence that a user is actually likely to click on such a link--I suspect they have enough data on this that they don't need to just guess.
In OSS, a lot of the maintainers and coders are just "hackers" or college kids contributing bits and pieces of less broad knowledge over a bigger project team, not real software engineers who have been trained to really think through the consequences of certain design decisions.... I could see why someone at Google might think this is a good idea, but I'd expect that a company with the means to do the necessary research wouldn't go about implementing this kind of hackish "feature set" until it had thought things through a little better.
I think you're making some huge generalizations here based on very little evidence.
Um, how is teaching that "The Theory of Evolution" is a *GASP* THEORY and not a fact, insane?!?
Sure, it's a theory, as is the theory that the earth is (approximately) round and orbits the sun (as opposed to vice versa). If that's the only point you want to make, fine. If you mean to suggest that the theories that say that the earth is older than a few thousand years old, and that species evolve (and that existing species are descended from common ancestors) are somehow approximately equally well supported by the evidence as some sort of insanely literal interpretation of genesis--then, yes, I'd call that insane, in the same sense that I'd call it insane for an educated 21st-century person to believe the world is flat. It's a relatively mild form of insanity, perhaps, but it suggests, at the very least, an enormous inability to weigh evidence.
My problem with evolutionary science is the strict dogmatism. You can only interpret evolutionary evidence in exactly this way. The contrast with astronomy is striking.
Um, you must not hang with anyone who actually studies evolution for a living. They disagree all the time. That doesn't mean they think it's sensible to propose, say, that humans don't share common ancestors with other primates.
Would you say that astronomy is dogmatic because astronomers don't take seriously earth-centric theories of the solar system any more?
Certainly. Part of science education should be teaching basic terminology. In this case, part of the lesson would be that anyone who uses the phrase "just a theory" is almost certainly not a scientist. This illustrates one of many cases where scientists give a word a rather precise meaning, while in general speech the word is vague and fuzzy.
Sure. It's also important to learn to look at the "vague and fuzzy" things that people say and figure out what they may really *mean*, especially when the fuzziness is partly a bit of clever misdirection.
The sentence from the original post is very interesting:
If you look at the public struggles between creationists and evolutionists, the creationists who represent the mainstream Evangelical thought are not trying to remove evolution, they would just like the teaching of evolution to acknowledge that it is not a proven fact, and that there are other schools of thought, and in particular, the possibility of intelligent design.
(An aside: I find the use of the phrase "mainstream Evangelical thought" here particularly amusing. The tone of the language, the use of the word "mainstream", the identification with a hypothesized school of thought, all conspire to make the speaker seem oh-so-reasonable just at the moment s/he is about to propose something completely ludicrous.)
They're clearly setting up "evolution" and "intelligent design" as opposing theories (in the everyday sense of "rough guesses as to what's going on"), and the implication is that we're supposed to imagine them as roughly in the same ballpark in terms of such things as supporting evidence and success at explaining observed facts. Which is not true. So they've managed to say something completely false without really (if you look closely) literally saying much of anything. (For a sufficiently strict definition of "proven fact", virtually nothing is....)
Part of the cure, as you say, is to learn a more precise use of language. Part of it is also to recognize when, even when a sentence may not say something literally false ("Evolution is a theory."), it was crafted in order to mislead.
(And not necessarily intentionally--people mislead themselves this way too.)
Of course, there's always the possibility that it's all a fraud, the entire Earth was created a few years (or minutes) ago complete with fake fossils, fake geological strata, false memories, and so on. But for that, the best thing is to suggest that the students read some Douglas Adams books, if they haven't already.
Well, except that the idea of ID does not necessarily exclude evolution altogether. Sure there are fundies which still strictly believe the whole 6 days and 6000 years bit, but there is a lot more to the universe than just biology. There are a whole lot of variables in physics and elsewhere that ID could play its bit.
Sure. It could all be a setup from the start--the fundamental constants of nature could have been invented with the purpose of producing life. That doesn't bother me much, though at this point we've gotten a bit beyond the scope of a science class.
Most people I've seen using the term "intelligent design" seem to be referring to something that *is* at odds with science, and I think that's how the original poster meant it: "they would just like the teaching of evolution to acknowledge that it is not a proven fact, and that there are other schools of thought, and in particular, the possibility of intelligent design." (emphasis mine.)
If you look at the public struggles between creationists and evolutionists, the creationists who represent the mainstream Evangelical thought are not trying to remove evolution, they would just like the teaching of evolution to acknowledge that it is not a proven fact, and that there are other schools of thought, and in particular, the possibility of intelligent design.
But the problem is that that's insane. Would you also have your science teacher say that the heliocentric theory of the solar system is "just a theory", and that there are other schools of thought, including the "epicycle" theory?
A responsible science teacher could not stand before a class and say that the evidence for "intelligent design" is anything like on a par with the evidence for evolution. If you don't realize that the evidence is at that level, then you just haven't been paying attention.
it's not like the publishers of Shakespeare and Stevenson are facing something really new here.
Yup. Go to your local bookstore and look up any of those. You'll find multiple editions from multiple publishers, some who specialize in just selling the most book for the least price, some that differentiate themselves with extra introductions or annotations or whatever (and they do have copyright on those extras). This is all good, and it's been going on for ever.
This is exactly the attitude that keeps holding open source back.
Ah! How could I not see it? All along I thought the problem was that writing version control systems and operating system kernels was hard. But now I see, it was just my attitude!
With my attitude freshly adjusted, inhuman quantities of software will flow from my fingertips. The elegance of my code will make seasoned programmers weep, and developers worldwide will swoon at the prescience of my architectural decisions.
No longer will I be constrained by the mere requirements of funding or customer demands--I will set aside worldly needs and, with the benefit of newfound powers of insight, I will be able to concentrate my (now massive) resources on precisely whichever project is at any given moment most in need of the blessing of my attention.
--Bruce Fields
Horrors!
Heh. Indeed.
Behold the power of my new Attitude!