According to the spoof demonstration page, this has been known for five years(!) but the bug filed has been marked "confidential". You'd think that the Mozilla team could do better than security through obscurity - that is usually a reserved tactic for "the other team"....
I just emerged it, since it was in portage and gave it a quick spin. There isn't much to see as such, but it does look pretty nice, especially with the windows blending into each other and such small effects. It had a few example applications to try out.
The good part is that it was so easy to try out, since it can run under SDL inside X - all that was needed was the emerge and then 'startY' and off we go.
I think I'll follow this for a while and see if things seem to be actively happening with it, because what is there shows some promise alright, and from the little I've read up on it, it seems they have a solid idea to stand on. Time will tell...
Also, the main site seemed to be down, but I found a wiki here: http://y-win-wiki.jciteassist.org/y-win-wiki/
It would be easy to 'warn' instead of 'die', or to just silently ignore any errors instead if that is a better approach. Sometimes it is, sometimes it's not. :)
One line of Perl typically does a lot more than one line of C code
There was an excellent, brief example of that in an otherwise also excellent comment to the Paul Graham thingy over at Perlmonks here. It was in Java, but the point still remains.
http://www.theforce.net/theater/shortfilms/batman_deadend/
;-)
Fan movie with a pretty nice story twist. Also, the Joker has never been better on film.
Gah. There are a million options for filtering posts here, on new users, long posts, old posts, funny moderated and so on, but not for the one option I'd actually activate - the "same old - again?!" filter.
Yeah, maybe... :)
I think it needs some more additions: like a flag that could specify that this application is a mail client, and so gets firewall access to IMAP, POP and SMTP (maybe with fine-tuning available). Then there are two routes from there, either have a user 'joe-mail' that you could map all email applications to in this way, that already has these firewall rights, or you create a new user as above that gets added to the firewall.
I think I'd have this approach:
* Define lots of standard protocols and groups of those, like pop, imap or the group of all those, mail.
* Have the command 'sudo JailService pine options' where options are protocols and groups etc.
* If there is a user that matches the options, use that - otherwise create a user (joe-imap-smtp) that matches first.
* Add appropriate rules to iptables, user + protocols
* Of course, configs and stuff (KDE for me, please ;-)
Not really fleshed out, but something along those lines could be a good base, I think. Most people would just use the shortcuts mail, browser, ftp and so on, but it would allow for more tuning too.
Then there is the matter of config files - one would need to keep track of all of those too, in the cases there are any... for a system like Gentoo, maybe the portage system could be queried, I'm not really sure how other systems are, but if they are installing the files, the data should be somewhere.
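The per-application user scheme sketched in the comment above, as an added example that is not part of the original post: a dry-run planner that expands protocol groups, derives the jail user name, and returns the commands to run, using the iptables owner match. The port table, the 'browser' group, the user-creation flags and the rule layout are assumptions made for illustration.

```python
# Added example: dry-run planner for the "JailService" idea (hypothetical tool).
# Nothing is executed; plan() only returns the commands as strings.

# Protocol -> TCP ports (standard assignments, including the TLS variants).
PROTOCOLS = {
    "pop": [110, 995],
    "imap": [143, 993],
    "smtp": [25, 465, 587],
    "http": [80, 443],
}
# Shortcut groups that expand to several protocols (names are assumptions).
GROUPS = {"mail": ["imap", "pop", "smtp"], "browser": ["http"]}


def expand(options):
    """Expand group shortcuts into a sorted, de-duplicated protocol list."""
    protos = set()
    for opt in options:
        for name in GROUPS.get(opt, [opt]):
            if name not in PROTOCOLS:
                raise ValueError(f"unknown protocol or group: {opt}")
            protos.add(name)
    return sorted(protos)


def jail_user(owner, options):
    """Derive the jail user name from the expanded set, e.g. joe-imap-smtp."""
    return "-".join([owner] + expand(options))


def plan(owner, app, options, existing_users=()):
    """Return the commands that would confine `app` to the given protocols."""
    user = jail_user(owner, options)
    match = f"-m owner --uid-owner {user}"
    cmds = []
    if user not in existing_users:  # reuse a matching user if one exists
        cmds.append(f"useradd --system --shell /usr/sbin/nologin {user}")
    ports = sorted(p for proto in expand(options) for p in PROTOCOLS[proto])
    dports = ",".join(str(p) for p in ports)
    # Allow only the listed TCP ports plus DNS lookups for this uid.
    cmds.append(f"iptables -A OUTPUT {match} -p tcp -m multiport "
                f"--dports {dports} -j ACCEPT")
    cmds.append(f"iptables -A OUTPUT {match} -p udp --dport 53 -j ACCEPT")
    # Everything else from this uid is refused, except loopback traffic.
    cmds.append(f"iptables -A OUTPUT ! -o lo {match} -j REJECT")
    cmds.append(f"sudo -u {user} {app}")
    return cmds


if __name__ == "__main__":
    print("\n".join(plan("joe", "pine", ["imap", "smtp"])))
```

Because the user name is built from the expanded protocol set, `mail` and `imap pop smtp` map to the same jail user, which is what lets an existing user be reused.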
Well, I do like the idea. I'm not sure when it would get 'easy enough' but it would be totally awesome if it was easy enough for "most", never mind me - and like you said, distros should maybe already do this.
The point is that it seems, and most of the time actually will be, "unnecessary geek extras" - until you get hit, of course. So it must be really easy, on the verge of automated (and possibly forced) for it to happen on any bigger scale than a few people. It could well pay off big time though.
That is not bad at all, from a security point of view, but it is waaay too much twiddling for me. And I run Gentoo unstable... Very few would ever go through the pains to set such a thing up.
However, if it was automated, either that the distro set such things up for every user, or there would be a good tool (not like all these hopeless firewall tools that manage to be both GUI and harder than commandline iptables) I would not say no thank you to that. Problems quickly arise though when the need comes to identify which programs should go where, when installing separate stuff (say Thunderbird).
Otherwise, not a bad idea as such. =)
Actually, I don't have *many* problems. And this would also be on the same machines, so how do you mean hardware would be the issue?
But for instance, NTFS just shrugs off a hard reboot (power outage, OS lock-up, both rare but they happen), while EXT3 doesn't. And on rare occasions that has meant lost files. So far nothing unreplaceable, and I'm leaning towards rare and special conditions.
Performancewise etc I have no idea, personally I regard all of those more or less equal (because I can't tell the difference using them) although I'd rather go with the free and open ones that come with my free and open OS - more ideology than specs I'm afraid. =)
My original post was just about parent being unfair to NTFS, really.
I know a lot of people that use Windows, and use it in large "Joe User"-offices, that never ever get any viruses.
This is due to two things: Behaviour and a Personal Firewall. Most of these people also run anti-virus software, but it is never needed - still, it feels safe to have and can't really hurt (other than costs). Behaviour means not doing too much stupid stuff, and it often but not always includes not using Outlook or IE, at least too much.
Check out some software firewall, Kerio used to be a good choice when I ran Windows, although I've heard the newer versions are pretty bloated and stupid. There are others as well.
That, together with some simple common sense keeps a lot of people very safe.
I'm not so sure. Here, at home, I am running my Linux box as a normal user, firewalled and everything set up according to the rules. Still, what would malware want with my root access? If I would execute something malicious, the virus/trojan/whatever would already have access to what is important: the desktop user.
Ok, so it can't erase the *whole* HD or meddle too much with the system, but it can do everything I have the right to do, such as finding and using mail clients and start spreading if that is what it is about.
It could also simply sit idle and log keystrokes until I enter my root pw if that is needed, or just any banking info, or whatever. What it can't do would be stuff like opening a spam mail relay. Until it gets the root pw, that is. Or maybe it is enough to capture your normal pw and use sudo? Did you set it up without restrictions?
Other possibilities include invading lots of local config scripts that are run when starting applications, and oh, when was the last time you checked what was in your KDE autostart? Or any of all the other files that are usually run?
Most things don't matter if root/Administrator access is available - that is for servers.
Actually, I could have something like this running since a long time ago, maybe some Russian is watching me type this. After all, I've allowed outgoing connections and I don't do real security audits. After all, this is my home desktop user system. I think it is lots better off than most, but it is not a server.
Ah come on now, NTFS may possibly not be the best of the best (I don't know such things) but I've been using it extensively since I got my first 2000 install somewhere in early, well 2000, and as far as I can recall it has never failed or lost me any data, and it just works. Some oddities with file locks though when applications don't wanna let go.
Nowadays I am running purely Linux, and I wish I could say the same. Fsck ring a bell? And no, the newer breeds aren't flawless yet. But it is good enough, so I'm using it. ;-)
Just silly to pick on one of the things MS has done that actually works - it may not be perfect, but it is far from bad. Sadly, it also seems far from being writable in a stable manner too. ;-)
Now, if you would like to pick on FAT32, I'm game. =)
Hmm... Last I checked, Perl was not an ideal language for writing "large bodies of maintainable code." In fact, it was quite the opposite.
I don't know about ideal, but it is not hard to write and maintain large bodies of clean and readable code in Perl. On the other hand, you can *also* write totally obfuscated weirdo oneliners. Because it is flexible.
Bad (or just plain evil) programmers can write bad and ugly code in any language, good programmers can write good code in almost any language. Can't very well say any, because there are such beasts as BF out there. ;-)
Most of the time, the people I know who wrote Perl couldn't understand what they did just 2 weeks later.
Well, those aren't programmers. At least not yet. Perl has - built in, mind you! - more rules, checks and syntactic helpers than most languages - if you choose to turn them on. Most good programmers do, however they are off by default so quick oneliners on the commandline and lightning 5-line quick and dirties can be pulled off as well.
TIMTOWTDI (There Is More Than One Way To Do It) sums up the whole philosophy. Spend some time at places like http://www.perlmonks.org/ and then come back and tell me that most Perl programmers create code that can't be maintained. ;-)
Homer Simpson?