I did not imply that Linux was bullet proof. I'm just astonished that you can get privilege escalation through just a userland application run by an unprivileged user!
Well, if there is a system call or userland application that has a vulnerability that can result in privilege elevation, and you can compile a program to exploit it, or exploit a userland program, well there it is then.
What? In what way does that program work, and how on earth is it used? Are you sitting there - on your own - knowing about severe security flaws in Linux?
No one ever said that Linux was bullet proof. And there's no need to discover them on my own, I can just read about them on the Internet. Better than Windows, but not foolproof.
Well, with all of our disease curing, deformation correction (not to mention aesthetic surgery), and public welfare the most unworthy humans are reproducing at enormous rates. To further worsen matters, the most worthy humans are, for personal reasons, not reproducing or having only one child furhter decreasing the population of the 'successful.' We're actually backsliding quite a bit.
I wouldn't take this hardline stance. Since we're a highly social and cooperative group, it's possible to lessen the impact of a genetic disorder that would otherwise prevent a human and his kin from surviving, and selectively use another highly advantageous trait he may have to his own (and society's) greater benefit. Obviously, anything that prevents reproduction is going to be the end of the line, but think about where Stephen Hawking would be had he been born only 100 years ago. The fact that we can take advantage of his intelligence in spite of a disability shows me, anyway, that we've made real progress in this past century.
It's pretty clear that the environment has been dysgenic for intelligence in the modern world for at least a century. The more intelligent you are, the better education you get, and the more education you get, the less children you have.
This doesn't represent an evolutionary process or the 'environment' in a traditional sense. It's not a natural influence, and therefore one that is fixable. It's more just society inadvertently selecting the things that create this outcome. Westernized nations dump truckloads of cash into social programs that encourage the poor and the ignorant to reproduce and survive otherwise life-threatening mistakes in judgement. Tax-breaks for depedants likely figure into this as well. The well-educated are granted better access to the system (sometimes regardless of intelligence) and are more apt to be in an economically advantageous position, where they will pick up the slack for those welfare recipients and tax breaks.
Since the better educated are more likely to understand money, and were likely raised in an environment where they were pressured to understand and prepare or suffer the consequences, they're less likely to create a lot of children they can't pay for (or attempt to raise children in an inhospitable environment). I also think it's worth noting that our westernized culture is less agrarian in nature that it was even one hundred years ago. Having lots of children to help around the house isn't econmonically advantageous, and since society now places strict limits on what children may do before the arbitrary age of adulthood, it's not like they're of any use in urban and suburban areas, (a parent can't take his kids into his place of employment and put them to work full-time).
There's also a relationship of dependance there. The well-heeled and the better educated pay for the poor and ignorant, so when the former thrives, the latter survives. I'm not trying to make a political commentary here, just pointing out some stuff. There's a lot of other ancillary discussion that could go along with this, but I note that this reply is getting too wordy as it is, and I hope I've said enough to make sense.
The most likely outcome of future human evolution might be something like Kornbluth's "Marching Morons." Over the next few centuries, the average IQ of the human race will drop to 60-70.
I predict that the average IQ of the human race will always be 100.;o)
It doesn't need one. If you're running Linux and have gcc installed, and some remote site gets arbitrary code to run under the browser's account, it'll be able to download a script/binary that compiles a program which allows privilege elevation. If you're running Windows, the executed code can just download a precompiled rootkit from the attacking machine.
All desktop and server Linux distros should have ACL support by default, which would make it easier to limit access in special cases like this. That is, limited access without making it a major pain in the butt to create normal, restricted-access user accounts. I don't see why we should wait until it becomes a problem before protecting against it.
Just playing devil's advocate here, but by now, everyone should know that IE isn't just a browser. It's foremost a user shell for Windows, and also a development framework. It just happens to be able to render HTML, XML, and has partial compatibility for CSS as well.
It's a credibility thing. Microsoft can now claim they're losing sales in Country X, because they are now selling their products there. Before, they couldn't claim they were losing money from piracy, because the argument makes no sense when shown that they aren't actually selling something there.
It really doesn't matter what XP SE does, they're obviously not trying to make a profit with it. Hell, now they can turn around and claim that 99% of the copies of Windows in Country X are illegal copies, and chalk it up as a huge loss.
If MS diversified more and didn't obsess over absolutely dominating the industry, they wouldn't be such the target. As it is, they are the "Evil Empire" and the Huns and Mongols getting hungry and sharpening their swords.
Microsoft is plenty diverse, just look at all the genres in which they produce software. The problem is that they got where they were by being the defacto operating system installed on new IBM compatibles, and that has been the case for 20+ years. It's where the majority of their effort seems to go. Well, I don't know if that's a "problem", it's really their business model. They can enter any market sub-segment related to PCs or low-end servers without advertising, (all they have to do is tell the OEMs, "include it or else!")
Some of us laughed at the "developers developers developers" video, but that's the second leg of Microsoft's seat of power. This is where I think they are vulnerable, because they've fostered a "get 'em one and all" philosophy, and there are some terrible commercial developers out there. These are the types that don't offer anything but pay support, don't accept feature or bug requests, and generally don't keep up with MS technology (stuck in Win9x-land). I wonder what is the fix for that. So far, Redmond has caved to their demands every time.
I disagree with the claim that security problems in Windows or other MS software makes them vulnerable (well it makes Windows vulnerable ^^). I do a lot of spyware/malware and intruder removal from people's machines. I don't think these people understand what the problem is. You can recommend alternatives, like Firefox, but it won't make any sense to them when their machine is still compromised because of an underlying Windows flaw. Most of the time they don't even know their computer is compromised.
It is also difficult to attack Microsoft on the security issue, because the argument can be polluted very quickly. AV software vendors love to overstate anything that will cause greater anxiety and up sales. The public at large doesn't seem to understand the differences in severity with security problem reports, or how configuration effects the overall vulnerability of a system, or even the differences between the various operating system components and applications.
I have to laugh at the "get 'em young" strategy. Oh, those kids know they need to run their multiplayer online games on Windows XP, but they also know how to get an illegal copy with a corporate key, and a third-party download site for patches.
And my experience is the exact opposite. So what is your point?
Installing Linux took three times as long as Windows? What were you comparing, Windows 3.1 to Mandrake 10?
However, I don't think it's fair to whine about Windows not coming with any applications. You can't have your cake and eat it, too.
It's not so much the applications, it's what you pay and what you get. And you're misrepresenting the 'bundling' argument. It's also a bit of payback for all the bashing that GNU/Linux distros took for having packages instead of click-and-drool installers. Hey, as it turns out, it's easier to manage a group of desktop machines through a package management interface that installs every piece of the operating system, from core OS to third-party applications.
You can't have your cake and eat it, too. First you complain that Microsoft has an unfair advantage with bundling their apps.
Sure he can, because it is/was happening through OEM channels, where Microsoft exercises a modicum of control. It isn't the just 'bundling' aspect, it's the 'bundle our app with our icon on your desktop, and uninstall our competitor's app or we raise your license prices'.
I'll be damned if my government is going to force them to bundle competitor's apps.
So I don't think my opinion counts here. But, does Aus Code have the same fair use provisions as does the US Code? In that case, nothing needs to be changed, the courts just have to recognize that fair use exists, and the legislature has to give it a nod when they write new bills (i.e. those bills that chip away at the freedoms afforded by fair use).
Yeah, I spotted the problem right away when I first saw the film in '83: There's no air movement when the bikes go by. Other than that, I thought they did a pretty believable job. Most green screen work is easy to pick out because of the edges around the actor, or differences in lighting.
I saw the last 5 movies, but after Ep. I, I will not go to see them in a theater. Too bad, because as it turns out, the hype was somewhat right about Ep. II - it was better than the first one, but still not great overall.
I doubt I'll go see Ep. III in the theater either, unless Lucas adds in a scene where Jar Jar is shot by Han Solo (first), gets a lightsaber amputation from Kenobi, and then gets beat to a bloody pulp by wookies with baseball bats for 5 minutes straight. Yeah, that'd bring me into the theater.
I don't know about that, after all, OSS development requires charity on the part of taxpayers, private companies, and especially the developers. I'm not the gambling type, but I'm sure many other folks in-the-know are frustrated with the bad balance of features and flexibility in retail software these days.
I think the future will involve rapid development, and a service-based, pay-to-build model. I'm hoping it will, anyway. At that point, the playing field will be closer to level. It will still be "open source"/free-as-in-speech, but almost all of the service will be provided commercially.
Mozilla and Firefox have been recommended as alternatives to IE for security reasons. Yet, lately, it seems that there's quite a lot of security problems being uncovered in Firefox. So I'm trying to figure out how to read this.
Good! I hope more folks find them and announce them from on high so they can't be ignored. And I hope the Mozilla FF team fixes them as quickly as possible. I don't feel that IE's integrated nature is the major issue, and what the malware does when it runs (e-mail itself to other users) is only a symptom of the fact that it's fairly easy to get Windows to execute foreign code. And I'm not talking about buffer overruns, either; an attacker can take advantage of the fact that Windows executes some file types without even asking, and that any downloaded (script/program) file is executable by default. I also make note that Microsoft has been improving IE over recent months.
I detect that perhaps your ambivalence isn't sincere, what with lumping both the serious and unlikely under "security problems"? I have yet to encounter a single working exploit that executed arbitrary code on my PC while running a Mozilla-based browser on Linux. I don't think either of those are invulverable, but the odds are stacked in my favor, having never been compromised in ten years of using Linux, more than half of which using Mozilla-based browsers. On Windows, well, Windows is Windows, regardless of the browser you're running, so there are some issues that won't go away unless Mozilla devs decide to replace functionality in Windows APIs.
But, I'm crossing my fingers, I've yet to get nailed while using Firefox or Netscape on Windows.
Looking at the first page of the benchmark report, I see that they're using the exact same setup as in their highly contested samba benchmark,
Oh, right right, I remember that. Remember this one? The test where IIS was faster but only when using 4 NICs bound to each of one of 4 CPUs in a quad processor machine, serving static pages to Win9x clients through NetBEUI?
Something is always amiss when the gap in performance is that large. 300 per cent? I don't think so. Ten to thirty per cent, I'd believe it.
Some things to consider: Three of the four tests involved only static content. Only one of the test configurations used Apache 2.x. Apache was using plain old CGI. DedRat was running a four year-old kernel (sorry, only two years old at the time). They used Intel's drivers with the default settings. No patches or Apache tuning, or other caching add-ons or adjustments.
What is it with Microsoft and static page serving tests anyway? It's always the same thing with these tests: Cache the shit out of static pages, leave the competitor's product at the default settings.
In order for this to happen, I'd need the following to happen first:
* All other agencies that communicate with my district would have to settle on a common, open document format, and stay with it. We need to read what the state sends us.
* Our student information systems would have to support something other than Microsoft products. Tell NCS/Pearson to port SASIxp/IGPro/PCXP to something other than Windows. Follet Software did it with their media circulation software. It's far from impossible.
* All other agencies need to hire something other than web developers who took a half-semester ASP programming course.
* Our accounting systems need to be ported to something other than Windows. There are no cost-effective systems that run on Linux (it's not just initial purchase, it's the support availability).
Where I could substitute with Linux, I did. It's not just Internet access and games for kids, either. Many districts are computerized from top to bottom, so the answer to "why do we need computers in schools", is "because it saves labor costs and gets the job done faster." You also might want to consider that many schools don't have full-time IT staff. Most of the available contractors are MS Certified Reset-button Pushers.
Oh please. If the graduate isn't bright enough to be able to apply his knowledge between different word processors or spreadsheets, he probably isn't going to be productive no matter what application he's using.
So long as we are talking about upgrading existing roads, not building a massive new network of roads, I don't see how anyone can be displeased by this.
Stop me if I'm wrong here, but this material probably can't be created in "legacy" concrete plants which, in my state of Connecticut, are seen as profuse producers of pollution. CT has banned construction of new concrete plants, and the environmentalists cheered. So there's at least one party that would be displeased.
Slashdot Mirror
Considering how bad crime is in Baltimore, perhaps we could explain it by showing that the voters were killed immediately after pulling the lever.
It's surprising yes, and more commonplace than you'd think!
Since the better educated are more likely to understand money, and were likely raised in an environment where they were pressured to understand and prepare or suffer the consequences, they're less likely to create a lot of children they can't pay for (or attempt to raise children in an inhospitable environment). I also think it's worth noting that our westernized culture is less agrarian in nature that it was even one hundred years ago. Having lots of children to help around the house isn't econmonically advantageous, and since society now places strict limits on what children may do before the arbitrary age of adulthood, it's not like they're of any use in urban and suburban areas, (a parent can't take his kids into his place of employment and put them to work full-time).
There's also a relationship of dependance there. The well-heeled and the better educated pay for the poor and ignorant, so when the former thrives, the latter survives. I'm not trying to make a political commentary here, just pointing out some stuff. There's a lot of other ancillary discussion that could go along with this, but I note that this reply is getting too wordy as it is, and I hope I've said enough to make sense.I predict that the average IQ of the human race will always be 100.
It doesn't need one. If you're running Linux and have gcc installed, and some remote site gets arbitrary code to run under the browser's account, it'll be able to download a script/binary that compiles a program which allows privilege elevation. If you're running Windows, the executed code can just download a precompiled rootkit from the attacking machine.
All desktop and server Linux distros should have ACL support by default, which would make it easier to limit access in special cases like this. That is, limited access without making it a major pain in the butt to create normal, restricted-access user accounts. I don't see why we should wait until it becomes a problem before protecting against it.
Just playing devil's advocate here, but by now, everyone should know that IE isn't just a browser. It's foremost a user shell for Windows, and also a development framework. It just happens to be able to render HTML, XML, and has partial compatibility for CSS as well.
It's a credibility thing. Microsoft can now claim they're losing sales in Country X, because they are now selling their products there. Before, they couldn't claim they were losing money from piracy, because the argument makes no sense when shown that they aren't actually selling something there.
It really doesn't matter what XP SE does, they're obviously not trying to make a profit with it. Hell, now they can turn around and claim that 99% of the copies of Windows in Country X are illegal copies, and chalk it up as a huge loss.
Hey, you need any help, just let me know.
Thanks for the suggestions, guys!
Some of us laughed at the "developers developers developers" video, but that's the second leg of Microsoft's seat of power. This is where I think they are vulnerable, because they've fostered a "get 'em one and all" philosophy, and there are some terrible commercial developers out there. These are the types that don't offer anything but pay support, don't accept feature or bug requests, and generally don't keep up with MS technology (stuck in Win9x-land). I wonder what is the fix for that. So far, Redmond has caved to their demands every time.
I disagree with the claim that security problems in Windows or other MS software makes them vulnerable (well it makes Windows vulnerable ^^). I do a lot of spyware/malware and intruder removal from people's machines. I don't think these people understand what the problem is. You can recommend alternatives, like Firefox, but it won't make any sense to them when their machine is still compromised because of an underlying Windows flaw. Most of the time they don't even know their computer is compromised.
It is also difficult to attack Microsoft on the security issue, because the argument can be polluted very quickly. AV software vendors love to overstate anything that will cause greater anxiety and up sales. The public at large doesn't seem to understand the differences in severity with security problem reports, or how configuration effects the overall vulnerability of a system, or even the differences between the various operating system components and applications.
I have to laugh at the "get 'em young" strategy. Oh, those kids know they need to run their multiplayer online games on Windows XP, but they also know how to get an illegal copy with a corporate key, and a third-party download site for patches.
So how about a list of MTAs they're using?
So I don't think my opinion counts here. But, does Aus Code have the same fair use provisions as does the US Code? In that case, nothing needs to be changed, the courts just have to recognize that fair use exists, and the legislature has to give it a nod when they write new bills (i.e. those bills that chip away at the freedoms afforded by fair use).
Yeah, I spotted the problem right away when I first saw the film in '83: There's no air movement when the bikes go by. Other than that, I thought they did a pretty believable job. Most green screen work is easy to pick out because of the edges around the actor, or differences in lighting.
I saw the last 5 movies, but after Ep. I, I will not go to see them in a theater. Too bad, because as it turns out, the hype was somewhat right about Ep. II - it was better than the first one, but still not great overall.
I doubt I'll go see Ep. III in the theater either, unless Lucas adds in a scene where Jar Jar is shot by Han Solo (first), gets a lightsaber amputation from Kenobi, and then gets beat to a bloody pulp by wookies with baseball bats for 5 minutes straight. Yeah, that'd bring me into the theater.
I don't know about that, after all, OSS development requires charity on the part of taxpayers, private companies, and especially the developers. I'm not the gambling type, but I'm sure many other folks in-the-know are frustrated with the bad balance of features and flexibility in retail software these days.
I think the future will involve rapid development, and a service-based, pay-to-build model. I'm hoping it will, anyway. At that point, the playing field will be closer to level. It will still be "open source"/free-as-in-speech, but almost all of the service will be provided commercially.
http://www.faqs.org/rfcs/rfc1945.html
http://www.faqs.org/rfcs/rfc2616.html
Have fun!
I detect that perhaps your ambivalence isn't sincere, what with lumping both the serious and unlikely under "security problems"? I have yet to encounter a single working exploit that executed arbitrary code on my PC while running a Mozilla-based browser on Linux. I don't think either of those are invulverable, but the odds are stacked in my favor, having never been compromised in ten years of using Linux, more than half of which using Mozilla-based browsers. On Windows, well, Windows is Windows, regardless of the browser you're running, so there are some issues that won't go away unless Mozilla devs decide to replace functionality in Windows APIs.
But, I'm crossing my fingers, I've yet to get nailed while using Firefox or Netscape on Windows.
Oh, right right, I remember that. Remember this one? The test where IIS was faster but only when using 4 NICs bound to each of one of 4 CPUs in a quad processor machine, serving static pages to Win9x clients through NetBEUI?
Something is always amiss when the gap in performance is that large. 300 per cent? I don't think so. Ten to thirty per cent, I'd believe it.
Some things to consider: Three of the four tests involved only static content. Only one of the test configurations used Apache 2.x. Apache was using plain old CGI. DedRat was running a four year-old kernel (sorry, only two years old at the time). They used Intel's drivers with the default settings. No patches or Apache tuning, or other caching add-ons or adjustments.
What is it with Microsoft and static page serving tests anyway? It's always the same thing with these tests: Cache the shit out of static pages, leave the competitor's product at the default settings.
Just teach yourself C! You'll discover every possible way in which things can go wrong, and in no time at all.
In order for this to happen, I'd need the following to happen first:
* All other agencies that communicate with my district would have to settle on a common, open document format, and stay with it. We need to read what the state sends us.
* Our student information systems would have to support something other than Microsoft products. Tell NCS/Pearson to port SASIxp/IGPro/PCXP to something other than Windows. Follet Software did it with their media circulation software. It's far from impossible.
* All other agencies need to hire something other than web developers who took a half-semester ASP programming course.
* Our accounting systems need to be ported to something other than Windows. There are no cost-effective systems that run on Linux (it's not just initial purchase, it's the support availability).
Where I could substitute with Linux, I did. It's not just Internet access and games for kids, either. Many districts are computerized from top to bottom, so the answer to "why do we need computers in schools", is "because it saves labor costs and gets the job done faster." You also might want to consider that many schools don't have full-time IT staff. Most of the available contractors are MS Certified Reset-button Pushers.
Oh please. If the graduate isn't bright enough to be able to apply his knowledge between different word processors or spreadsheets, he probably isn't going to be productive no matter what application he's using.
So long as we are talking about upgrading existing roads, not building a massive new network of roads, I don't see how anyone can be displeased by this.
Stop me if I'm wrong here, but this material probably can't be created in "legacy" concrete plants which, in my state of Connecticut, are seen as profuse producers of pollution. CT has banned construction of new concrete plants, and the environmentalists cheered. So there's at least one party that would be displeased.