Many of the comments miss your very valid point- that without a false sense of security granted by an AV, you are likely to NEVER run anything untrusted, because you know it could absolutely ruin you, and you have no reliable out. That's referenced in the story. And it's a fact that people adjust risk to match their perceived security- seat belts save lives, but not as many as they should, because people drive with less care when seatbelted (statistically- though probably everyone reading this does too). With antilock brakes, the delta is large enough that ABS seems to overall be a neutral tech, safety-wise.
But I'll share my story: at one point, several years ago, I downloaded Opera. I had used Opera before: it was my go-to choice for a while, but I hadn't used it in a while, and wanted to check it out. I browsed to a site that was, in my head, secure- a gaming news website. But it was only secure in my head because I normally browse it with limited (domain-only) scripting and a good set of ad blockers. Since I had JUST installed Opera, I had no safeguards active. I saw that the site was a nest of vipers without that, and went to close it, but in doing so I must have moused THROUGH an ad.
I was owned IMMEDIATELY. Malware called "Anti Malware Doctor" began an "install procedure", meaning, of course, that it was already in, and running code. These days, all the good AVs can tear this thing out- at the time, it was brand new (as presumably was whatever scripting exploit they used- I'm not trying to shit-talk Opera here). I killed power as soon as I knew what was going on.
For the next several weeks, I did almost all my computing on my laptop, and much of it was devoted to removing said malware. All these terrible little binaries to try to yank the damned thing out. Eventually, I did so- by running stuff from bleeping computer and other great forums, the computer was back up and Anti Malware Doctor was no more.
Or so I thought.
A couple years later, I had reinstalled Windows on a fresh drive, and still had the old one around for archival purposes. One day, after updating I think Microsoft Security Essentials, it suddenly started finding that damned malware on the old drive. It had curled itself up in some places that I guess weren't known at the time. It was sheer luck that I had never run them, or that they didn't work as intended, or something. At the time I blew up the malware, I guess no one had discovered all the places it could hide.
Anti Malware Doctor is the sort of malware that gets in your face and eventually tries to get you to spend money. It's flashy and visual and is intended to get money through that route. If the malware was instead of the "botnet" variety or the "remote access" variety, I would not have found it for YEARS, and I would have ONLY found it by running an anti-virus.
So some of the posts saying "how would you know", while sort of missing your big point, are still pointing out a really valuable thing: it's entirely possible to be infected and not know it. In my case, it was yet another stupid javascript problem combined with a fresh browser I hadn't configured extensively for security. But it could be ANYTHING.
I'm glad you posted this, because the fact that facebook sucks at supporting ios is not Apple's bad. It's also not relevant to those of us that either don't use facebook, or don't use their mobile app. Why use facebook as a metric, and not, say, some arbitrary other third party app? Statistics are lies because statisticians are liars!
> I don't think that word means what you think it means...
No, "reliable" means "consistently good in quality or performance; able to be trusted" not "what you think it means...".
He *probably* meant to complain about the MacBook Pro, but, still, it's not really a good point. Apple is a bit behind the bleeding edge on some pieces of tech, notably anything related to system integration on the newest PC hardware, as they pick and choose what to support from top to bottom, leaving out a lot of good tech and picking other good tech. That's not an approach that would work for Linux or Windows. Meanwhile, areas like mobile processors they are leading the field in many ways.
> Windows haters can do the same, in case it's over fake "security concerns" w.r.t. Windows 10, in which case, they need a one-way trip to Guantanamo Bay in order to learn what REAL invasion of privacy is. Fucking children.
You should probably look into what you agreed to send Microsoft in the EULA (hint: everything you ever do, say, everyone you know, who you communicate with, the contents of those communications, etc etc etc).
But keep going with that amazing comparison. You could write ad copy:
"Microsoft Windows: It's better than being detained indefinitely and tortured in a military prison on a communist island!"
That you have to compare a long term detainment and part time torture camp to the OS you bought and paid for shows just how Windows users will put up with anything. Ludicrous comparison to compare something you buy and pay for with indefinite detention.
My main box has been Linux. It is a lot more hassle to run Windows stuff under Linux, of course, but the writing was on the wall when Windows 10 seemed so sketchy. When I found out that the telemetry updates had been pushed MONTHS prior and then went live for 7 and 8, that was what made it clear to me that I must switch sooner: that was hugely disingenuous. I dual booted for a while to get stuff switched over, and now my box's Microsoft code is DLLs for WINE.
What I COULD do, if I was inclined to keep a Windows partition around, is to grab just the security updates, and use those. That's probably what most slashdotters who give a fuck will do. I just don't give a fuck. I just can't ever keep up with the endless update debt of Windows, and fighting that seems almost impossible. It's this huge list of ever-changing clusterfuck, and if I'm going to have to sysadmin my shit, it may as well be on an OS that isn't actively trying to fuck me over. I'd much rather prefer the accidental breakage of New Bullshit than the deliberate breakage of Known Hostile Entity.
At work, our Linux boxes obviously don't care about this, and our Windows boxes are Somebody Else's Problem, but those are Enterprise, so who cares anyway.
But I'll just use Fedora.
It is said, Windows users will put up with anything. Well, I won't, which is why I'm not a Windows user.
XFCE has window borders. OP is complaining that you can't make them thicker, I think, which would be nice on higher resolutions. I know the Window manager has Focus Follows Mouse as an option, I'm not sure how to replicate the border clicking you describe, as I've never used that even on like, CDE.
I also have no idea about which is "best", but I use it on Fedora and it is pretty great.
I think your comment sorta hits the nail on the head. KDE and Gnome have been the two major desktops for a long time, but KDE had a rocky start with odd licensing, and both of them have had wildly unpopular updates. KDE devs have been a bit more sane in their response, but they still have a pretty heavyweight desktop environment to maintain compared to others, and they don't have the big guys showcasing them as Gnome does. Meanwhile, other DEs have come about in the last few years and have gotten a lot better than they were before.
I mean, I see this as "skip FC25, wait for this to calm down". There's no way that this will work flawlessly immediately, after all.
> Why do you want to build elderly retired robots?
Well, he said the Japanese are doing that, so that's a pretty compelling reason. It worked for selling them love-pillows with the anime babes on them, right?
"Spies Spying" is not really front page news. Every interesting story can't make the front page. That's why there are other fucking pages.
This is not a media blackout. This is a niche story with reasonably broad implications, but just because you appreciate all the implications doesn't mean everyone else does.
> I'm doing NOTHING if I can't review the SOURCE CODE!
Come on, give it a chance. The last fifty years should have shown you one thing clearly: nothing else can fuck you like closed source software.
I mean, I can view those sites without ads just fine. You should google it, there's plenty of workarounds.
The thing is, facebook needs to make a 'target' (a site that works around ublock origin and hosts solutions), at which point, developers will tear that target down. Right now, facebook is ad-free if you have the filter on your display-device. When that changes, a new filter will be made. Everyone saying stuff like "oh it's super easy to stop ad blockers" doesn't realize that the fundamentals are, a remote server has a document, and you display it locally according to a set of your own rules. They don't control your CPU, or your monitor, you do. You can work around a given ad blocker. Then there will be a new ad blocker. Etc.
> Why should *I* be required to fix an obvious piece of spyware from them?
Play Microsoft games, win Microsoft prizes.
Of course, you shouldn't be required to do that. But you *should* be aware enough of the state of the industry, as a slashdot poster, to be familiar enough with the various downsides of each phone alternative. Maybe you give up privacy, maybe you give up security, maybe you spend a lot, maybe you give up functionality. There's a rainbow of bullshit here, and you have to pick your least hated fucking color.
> iOS comes with multiple apps I don't care about
What basic utilities does Apple include that you don't want?
Ok, but repeat this physical replacement drama for pieces of the stove, the fridge, the internals of the AC once some jackass decides it needs to be firmware updatable from factory, the TV, the front and back doors, the garage door, the stereo, the toilets, and the shower.
There's always a way to fix a problem. This article *should* make you ask the question- do you want to inject more problem-vectors into everyone's life?
I mean, look at how many compromises we make with our computers and computer programs. And many of us are computer professionals. Even if you do go through hoops to have your computer be pretty much perfect, that's because of a passion about that. I don't think anyone has everything set up perfectly, and the mere existence of these things in the marketplace means that many people are going to end up with them, unless they are passionate haters.
For my part, I actually got a new furnace and AC recently, and I brought up that I didn't want any networking technology, and that an analog ("mechanical") thermostat would be ideal. He was easily able to accommodate the first, but the "mechanical" thermostats were a pain- they were rare and way more expensive because there's not much market for them. What will that conversation sound like in twenty years?
And of course- I was able to accomplish this because I was having just the HVAC work done anyway, and all had to be replaced regardless.
> calling a person to install a $25 thermostat
Because HVAC guys are able to gear up to handle a newly enabled assault on the infrastructure they provide ("Thanks, Computer Science! For bringing all your problems everywhere, from hearth to hospital!"), show up, and have a whole ton of old school thermostats just lying around in case.
Way worse if the attack is distributed top down.
And remember: this specific attack is just about a thermostat. Other "smart" things (read: "will remotely obey your enemies in time of need") will or do include the refrigerator with grandma's insulin, the lock on the front door, and opened or closed status of the garage door, and in some cases, pieces of the plumbing. I can't wait for some smart toilet to yield some kind of resonant attack on the pipes by clever timing of valves.
All this tech, brought to you by a few semi-professionals buying the cheapest commodity chips from gods-know-where. I'm sure they will succeed where security professionals routinely fail.
> If Google knows my private key, how is it private?
It's not, but it's more protection than using their default service. Remember, there are a LOT more potential attacks besides "google is wholly malicious or compromised utterly and remembers my keys". There's attacks where google's keystore could be compromised, but if google isn't storing your key, that won't be enough to attack your data, for instance. Given how large and juicy a target Google ultimately is, it is reasonable to layer some security on top of theirs if possible and desired.
But yes, it does not prevent against every single potential adversary. Still, it is what they can offer, which is good.
Sister Fister III: The bad habit
Also consider Pale Moon. I think if I had to pick exactly ONE browser, I'd probably end up with Chrome- but I don't, so I use Pale Moon for almost everything, Firefox for some things, and Chrome when I need it.
> No per tab processes means no real sandboxing at the kernel level.
This change seems to be about stability more than security. Remember, if a browser process is owned, it is still running with all the permissions of the browser process. It can certainly go dick with other processes running, such as other instances of the browser, your email client, etc. But a crashed process that runs everything with threads is, everything is crashed, while if different tabs are their own processes, you lose that tab.
Hooray I called it!
https://news.slashdot.org/comm...
Ok, it wasn't particularly difficult to call, being that Microsoft told us pretty much every single thing ahead of time, per my link in that thread.
I wonder what mandatory updates will have in store for the Windows boxes? One thing we know for sure is, someone will post a massive shell script that invokes binaries, diddlefucks services, and uses some third party tool to mitigate the impact to all the xbox OS PCs, and somehow that will be ok, because Windows users will put up with anything :/