There's plenty speech that isn't legal as copyright is a restriction on freedom of speech itself (as is libel, slander, fraud, deceptive marketing, threats, shouting "fire" in a crowded theater abd so on),
No, there's a huge difference there.
All the libel, etc. stuff doesn't stop you from speaking - it just makes you pay the consequences. The current efforts goal isn't to make you pay up if you break the law, it's about stopping you before you ever do something potentially illegal.
But that's the whole point. If the Internet had been designed according to government specifications, it would never have been an "equal opportunity" network. There would always have ben a clear differentiation between servers and clients, enforced on the network level.
They're just "fixing" that design "mistake". If it takes IPv7 to do so, then they'll do it. I'm not certain where to put my bets. Governments are slow, but very persistent. They will try and try and try until something works.
How do we know that the app we use indeed came from the source they say it did?
You don't.
However, you do know that their competitor X is providing the same service, using the same source, and if you have any trust issues, you can go there, or run the stuff on your own server.
On a desktop you have a little bit more assurance, but only in theory. If a powerful adversary wants to hit you, then you can't trust your md5 program, you can't trust your compiler, your operating system, your BIOS or even your CPU.
In the vast majority of cases, Free Software isn't really looked at by so many people. You can inspect the sourcecode, but for almost everyone who uses a particular program, that's more of an ideological thing than something they'd actually do.
So in practical terms, the difference really isn't that huge.
FLAMEBAIT make courses harder so that only few students survive END FLAMEBAIT. Seriously, that's how it works.
I went to a private university, very well respected over here because business knows that if you come from there, you're worth your grades.
They do merciless culling after the first semester. In my year, we were 104 when we started. At the end of the first semester, there's a special test. If you don't pass that test, you can't go on into 2nd semester. We were 28 after the test.
I find it hard to realize that he wouldn't know the technical difficulties in replacing a dll while the system is running, Which are what, exactly? Sorry, I'm a Unix dude, I really don't know and I've always been wondering about this part. Aside from the kernel, I can replace everything on most Unix systems without a reboot. Why is that so tricky on windos?
Actually, I think math is a language, but that's beside the point because the reverse isn't true.
Yes, he probably didn't mean what he wrote. Which leaves the question why he wrote it in absolute terms when he didn't mean it. I still think it's better to challenge the words someone (objectively) uttered than the meaning I (subjectively) assume. The assumption might be wrong and then the discussion gets either awkward or confused. In the first case, he can always correct and point out what it really was that he meant.
> Safari can't send mail. If you click on a mailto: link in Safari, it will launch Mail.app. You're picking nits here.
* If Mail.app can send mail, a compromised Mail.app can send spam.
Those "nits" are what makes all the difference. Seperation of programs and their duties is one very good step towards more security. Yes, a compromised Mail.app can send spam. But that gains you nothing if you compromised Safari.
* If Safari can be used to send mail through your webmail servers, it can send spam through them. In theory, yes. In the real world, there are still a number of obstacles to take, including protections by the webmail providers and network delays that are likely to reduce your spam-rate beneath the amount useful.
> Nonsense for any real-world bank. With absolutely no exception, actual banks use additional security, such as TAN lists. Picking nits again.
* If you can make payments through your bank's web page, Safari can transfer money out of your account.
Are you for real? There's a reason that banks use TAN lists, and that reason isn't "nits", it's what makes all the difference - again. And no, your claim doesn't become any more true just because you repeat it. I could give you the URL, account number and even password for my online banking account, and I can transfer money there, and yet you wouldn't be able to, because you still need a TAN number.
You could try to run a man-in-the-middle attack, waiting until I actually make a transfer, serving me a faked website that says the transfer was successful, while in reality making a different one. That's technically possible, but entirely non-trivial and very likely to be discovered almost immediately by anyone even a tiny bit careful.
In a sandboxed environment, you would have a specific download directory (you already do, but bear with me) and Safari would have write priviledges to that directory only.
So "Save File as" is one of those "conveniences" you have to give up.
You also have to give up using many plugins.
Nope. One, what's to say against saving only into the download directory? You can copy files from there. It's a tiny bit less convenient, but not much.
I don't know about many plugins that require write privileges to your file system. Care to name a few?
Straw man: I'm not outlining a "total destruction" scenario, I'm pointing out that a sandbox does not protect you from a compromised application. Except that that is precisely what it's built to do, of course. As I said, I have some SELinux experience. I can easily write a policy for Firefox, for example, that effectively sandboxes it. In fact, I've done crap like that. With a proper policy, I can block everything you've written. And I don't even need a jail, chroot or other nonsense. I've given people root shells on SELinux machines and told them to try and break stuff. Not kids but security professionals and hackers at conferences. Don't try to tell me there's no protection from a compromised application when I've seen protection from a "compromised" root shell.
There are other alternatives than deploying a sandbox or doing nothing, and a sandbox that leaves so many attacks open is something I would rather forgo because it will encourage application writers to depend on the sandbox rather than making the kinds of changes that REALLY need to be made. And that's where we need to concentrate on: fixing the applications to remove the really dangerous features... not things like "save as", but things like "Open 'Safe' files after downloading". I hope that if you use Safari you've checked that one's been turned off. Now that's a point we totally agree on. A sandbox - or almost any other security thing - is just bandaid we plaster around a broken software because we can't fix it. Fixing the crap that's creating the whole security nightmare should be first priority.
Semantics. OP was saying you can't block a meaningful percentage of trojan vectors, not that there are no possible strategies to prevent them Oh, please. Don't start with linguistics if you fail basic reading skills. OP was saying, quote:
There is nothing that any OS can do to prevent trojans. There's an all-quantor there, if you insist on semantics. Maybe he meant what you point out, but he didn't say it.
Mac users are just as human as Windows users and the percentage of stupid users is going to remain the same. You make two assumptions there that I'd like to challenge.
One, that how humans act is independent of the environment and context. Almost everything in psychology strongly suggests the opposite. People in a different environment will act differently. Mac and windos users might be humans, but their experience with the machine are (slightly) different, and those differences can be leveraged. It's not a matter of intelligence, but expectations. If an UAC window gets on your nerves every few minutes, you stop reading them and taking them seriously. On the Mac, such "I need your password" popups are a lot less common, which means people aren't as used to them and more likely to actually read them. One of many examples. And yes, OS X still does a whole lot of things wrong.
Two, that users are stupid. I know this is common in IT. Took me a long time to get over it myself. But fact is that users are not stupid, we make them stupid. Almost all user interfaces currently in use are badly, badly broken. If your car would require you to press three different buttons in three different places with two hands and your nose in order to brake, and car manufacturers would put the horrible number of accidents to "user's are stupid" - that's more like the truth.
Parent shouldn't have been modded "funny". That's exactly the thing. These guys believe themselves above the law, and show behaviour that they'd sent everyone else to Gitmo for.
Given that the legislative branch regularily passes laws that clearly (and, a few years later, also by Supreme Court decision) are unconstitutional, and the executive branch has already declared itself above the law, ignores laws and constitution wherever it suits them, and passes retroactive immunity laws where it can't - putting all that shit together, doesn't it strike you as a good thing that the judicial branch is taking a strong stand?
As I said, no single countermeasure will ever stop all possible attacks, so we agree on that.
And yes, I agree that more limits on programs is a great thing to do. It just requires one little thing that most software developers are too lazy to do: The program needs to be able to tell the OS (e.g. at install time) everything that it expects to do under normal circumstances. If it wants to send mail, it must say so at install time, not suddenly "remember".
Speaking as an Ubuntu user, I get seriously annoyed by the frequency of password prompt on the mac. What are you doing? I regularily go for many days without seing that prompt at all, unless you count the login screen.
Mac users are just as likely to type in their password as are Windows users. Evidence for that claim?
Mac's "I need your password" dialog is better done and, more importantly, a lot less common than windos UAC. As such, most Mac users don't roll their eyes and mutter "get on with it already, moron" when it pops up. In fact, when it pops up, I either expected it to, or it surprises me enough that I actually read what it's about.
There is nothing that any OS can do to prevent trojans. (At least not without seriously limiting the functionality of legitimate programs.) Nonsense. Of course there are things you can do. None of them are easy, or entirely without inconvenience, but there are.
You could, for example, get away from the "root == god" paradigm and add a user (or group) for more day-to-day admin tasks. Reserve the highest priviledge level for modifications to the core system, i.e. the OS and core tools. To install an additional screensaver shouldn't require those top-level priviledges. That way, you could alarm users very strongly when a tool requires top-level priviledges, and tell them in no uncertain terms that this is highly unusual.
You'd not eliminate all attacks, but you would make the usual total-control takeover a lot more difficult.
There are other methods. I just outlined one to show that your claim as to "nothing" is overblown.
But what it does stop is one gamer taking the legitimate game and burning a bunch of copies for his friends, going over to their house with a portable HDD with the game and making a copy, going to school and tossing it on every machine there True, except that we've stopped making copies like that years ago. Today, even if I own a legit copy, if my friends want to have one, they will more likely download a torrent than ask me to lend it to them.
For thousands of years, the big reason to control a woman's sex was so you, her husband or father, knew who fathered her children. Maybe. However, the fact that sexuality of males was subject to the same religious and social taboos makes it obvious that this can't be the whole story. As such, I stand by my original claim and yours is an additional "benefit" or beneficial side-effect at best.
Religion to terrorism. Not only do they go hand-in-hand often enough but they seem to operate on very similar principles. They do. The principle is fear, uncertainty and doubt.
Terrorism creates it by producing a real threat in a way that makes you over-estimate the likelyhood of becoming the next victim. Your chances of dying in a car accident are actually several orders of magnitude higher than the chances of dying in a terrorist attack anywhere in the world except Israel (there, and only there terrorism is a real and present danger).
Religion creates it by making bold claims about things that you can not disprove. If repeated often and long enough, you get the Pascal effect - people become religious "just to be sure". Religion is also an evolutionary branch, a mutation if you want, on the way from prehistoric magical thinking "When I dance, it will rain, because I've seen it happen once" to scientific thinking "Interesting coincidence, let's test if there is a causal relation". Strong book suggestion: "The Golden Bough" by James Frazer. If you read that, religion suddenly looks like a dumb idea someone once had and for some reason couldn't get rid of when he grew up. Only that said "he" is humanity as a whole.:(
Unless you can could turn it off, it just sounds like DRM.
Try the order "reading, understanding, replying" next time.
non-executable memory has nothing whatsoever to do with DRM. It's a security feature that ensures that even if an attacker successfully overwrites some of your data in memory, he can't execute the code he's stuffed there (say, through a buffer overflow). It's a simple trick that kills about half of the current exploits just like that.
I personally like OpenBSDs write-xor-execute (W^X) implementation a lot, where as soon as you write to a memory page, you can't execute code from it anymore. Again: About 50% of current exploits == dead and down.
It's got a few downsides, as the ability to write-and-execute is used by some common tools that will break if they aren't adapted. gcc, for example, used (still uses? not sure) so-called trampolins, which (in a positive sense) exploited that ability.
I look at it this way on my iMac, if that password prompt comes up and I didn't click initiate it from some update I know came from Apple or I was loading a package I downloaded I am going cancel the process. Yet I am quite sure my friends SO would dutifully type the password in. Can't be helped. Sometimes people cannot accept they did something wrong even when you show them You can thank microsoft and their Vista abomination for that. Confirmation dialogs only work if they are used in moderation, otherwise behaviour will adapt to accept them as normal routine. OS X does a much better job (still not perfect) and when such a dialog pops up, it is usually expected because it's something like a software installation. When you get these "are you really sure that you're sure that you already told me twice that you're sure?" dialogs every 30 seconds, you stop thinking about them. Thank you, UAC.
Won't matter. Most malware is installed via the user while installing the latest screensavers, emoticon packs, and browser toolbars. Nothing will ever be able to defeat the uneducated user. But you can leverage what intelligence the user does have.
For example, you can have a profile of what a screensaver, a theme set, a music player, etc. is allowed to do. On installation, the software identifies itself as what it is (according to a limited list of possibilities), and the user is asked for confirmation. Then the software is sandboxed according to the appropriate profile.
So a screensaver would say "I'm a screensaver", and be allowed to, well, lock the screen and display stuff on it. If it tries to read any files besides its own config, it'd get killed. If it tries to identify itself as, say, a "text editor" in order to be allowed to read your files, even an uneducated user could say "er, what? I wanted a screensaver".
User's aren't really stupid. We, the tech people, just don't give them a chance to act in any non-stupid way.
The number of comments on this, vs. more "important" topics is interesting.
Obviously, this touched a nerve with people. Probably two:
One, the fat people who are, of course, personally offended and write in with all kinds of valid, semi-valid and "look behind you, a three-headed monkey!" arguments.
Two, the slim people who are tired of all the "tolerance" bullshit. Like me. If you're fat, you are fat, not "rubens-figured". I do not want to sit next to you on the train, and if you go to the beach, please wear something that covers as much as possible. A Burka would do nicely. But - and that's the point - we've been brought up on "tolerance". 20 years ago, you'd been laughed at in school for being "Fatty" or "Piggy" or whatever, and peer-pressure would have been a great incentive to lose weight and shape up. These days, there are few incentives, because everyone will tolerate you.
I've long been of the opinion that tolerance is being valued too much over honesty.
The problem is that it is not in principle possible to build a sandbox around an application like Safari that would both permit it to do the useful things it is supposed to do and prevent it from doing malicious things. Of course it is. If you are willing to be strict and sacrifice a few "features". To offset your credentials, I've been doing security for a living for 10 years, including several years working on SELinux.
* If Safari can make connections to websites, then Safari can make connections to botnet peers and engage in attacks on websites. Yes, provided all of this runs over HTTP, HTTPS or another built-in protocol.
* If Safari can send mail, it can send spam. Safari can't send mail. If you click on a mailto: link in Safari, it will launch Mail.app. Mail will open the "new mail" window, possibly with some fields pre-filled. Note that the user still needs to actually send the mail. I'm not aware of any way for Safari to cause an actual mail to be sent out without further user interaction.
* If Safari can read my keychain, it can read my website passwords and pass them to an attacker. True.
* If Safari can open my bank's web page, it can transfer money out of my account. Nonsense for any real-world bank. With absolutely no exception, actual banks use additional security, such as TAN lists. Safari may be open to access (and send to an attacker) your balance, but if you can transfer money from your bank account without an additional layer of safety, you should change your bank, not your browser.
* If Safari can upload files, it can upload them places I don't want it to access. * If Safari can download files, it can "download" garbage over the files I value. I'm not sure about the implementation of upload in Safari, so I can't say for sure whether it can choose files to upload or if that is, say, a Finder dialog.
But the download argument is a strawman. In a sandboxed environment, you would have a specific download directory (you already do, but bear with me) and Safari would have write priviledges to that directory only. And if you put the files you value in your download folder, you're an idiot.:-)
* If Safari can do the things I need Safari to do, a compromised Safari can do the things I don't want it to do. Yes, it could make every website you visit silently redirect to disney.com - but that's a far cry from the "total destruction" scenario you outline.
Some of your claims are valid, some aren't. Roughly 50:50. A sandbox model would take care of many of the problems. Not all. It never claimed it would, either. But it definitely solves problems and is much, much better than doing nothing.
The question is simple: why are natural things like nudity, sex, and sexual intercourse considered obscene to begin with? Is it neccessary for society to function? Is it important to have a line drawn somewhere, for fear that if the line gets pushed, even more extreme things may become the norm? No. To control a society through fear (of terrorism, eternal damnation, or whatever the meme of the day is) you need to make sure that said fear is present at all times.
Sexuality is an excellent choice for a religion-dominated control-through-fear approach. It's one of the strongest natural drives, but contrary to hunger, thirst or the opposite bodily functions, you can actually suppress it for a long time. Thus you can have "good" examples to tell all the normal people that they are abnormal, evil, and will certainly go to hell unless... and the unless is what puts you in power.
Worked in Europe for almost two thousand years. In some more primitive parts of the world, including certain regions of Europe and the US, it still works quite well.
It is precisely because nudity and sex are such normal and natural things that they are made taboo.
There's plenty speech that isn't legal as copyright is a restriction on freedom of speech itself (as is libel, slander, fraud, deceptive marketing, threats, shouting "fire" in a crowded theater abd so on),
No, there's a huge difference there.
All the libel, etc. stuff doesn't stop you from speaking - it just makes you pay the consequences. The current efforts goal isn't to make you pay up if you break the law, it's about stopping you before you ever do something potentially illegal.
But that's the whole point. If the Internet had been designed according to government specifications, it would never have been an "equal opportunity" network. There would always have ben a clear differentiation between servers and clients, enforced on the network level.
They're just "fixing" that design "mistake". If it takes IPv7 to do so, then they'll do it. I'm not certain where to put my bets. Governments are slow, but very persistent. They will try and try and try until something works.
How do we know that the app we use indeed came from the source they say it did?
You don't.
However, you do know that their competitor X is providing the same service, using the same source, and if you have any trust issues, you can go there, or run the stuff on your own server.
On a desktop you have a little bit more assurance, but only in theory. If a powerful adversary wants to hit you, then you can't trust your md5 program, you can't trust your compiler, your operating system, your BIOS or even your CPU.
In the vast majority of cases, Free Software isn't really looked at by so many people. You can inspect the sourcecode, but for almost everyone who uses a particular program, that's more of an ideological thing than something they'd actually do.
So in practical terms, the difference really isn't that huge.
I went to a private university, very well respected over here because business knows that if you come from there, you're worth your grades.
They do merciless culling after the first semester. In my year, we were 104 when we started. At the end of the first semester, there's a special test. If you don't pass that test, you can't go on into 2nd semester. We were 28 after the test.
Actually, I think math is a language, but that's beside the point because the reverse isn't true.
Yes, he probably didn't mean what he wrote. Which leaves the question why he wrote it in absolute terms when he didn't mean it. I still think it's better to challenge the words someone (objectively) uttered than the meaning I (subjectively) assume. The assumption might be wrong and then the discussion gets either awkward or confused. In the first case, he can always correct and point out what it really was that he meant.
You're picking nits here.
* If Mail.app can send mail, a compromised Mail.app can send spam.
Those "nits" are what makes all the difference. Seperation of programs and their duties is one very good step towards more security. Yes, a compromised Mail.app can send spam. But that gains you nothing if you compromised Safari. * If Safari can be used to send mail through your webmail servers, it can send spam through them. In theory, yes. In the real world, there are still a number of obstacles to take, including protections by the webmail providers and network delays that are likely to reduce your spam-rate beneath the amount useful. > Nonsense for any real-world bank. With absolutely no exception, actual banks use additional security, such as TAN lists.Picking nits again.
* If you can make payments through your bank's web page, Safari can transfer money out of your account.
Are you for real? There's a reason that banks use TAN lists, and that reason isn't "nits", it's what makes all the difference - again. And no, your claim doesn't become any more true just because you repeat it. I could give you the URL, account number and even password for my online banking account, and I can transfer money there, and yet you wouldn't be able to, because you still need a TAN number.You could try to run a man-in-the-middle attack, waiting until I actually make a transfer, serving me a faked website that says the transfer was successful, while in reality making a different one. That's technically possible, but entirely non-trivial and very likely to be discovered almost immediately by anyone even a tiny bit careful.
In a sandboxed environment, you would have a specific download directory (you already do, but bear with me) and Safari would have write priviledges to that directory only.So "Save File as" is one of those "conveniences" you have to give up.
You also have to give up using many plugins.
Nope. One, what's to say against saving only into the download directory? You can copy files from there. It's a tiny bit less convenient, but not much.I don't know about many plugins that require write privileges to your file system. Care to name a few?
Straw man: I'm not outlining a "total destruction" scenario, I'm pointing out that a sandbox does not protect you from a compromised application. Except that that is precisely what it's built to do, of course. As I said, I have some SELinux experience. I can easily write a policy for Firefox, for example, that effectively sandboxes it. In fact, I've done crap like that. With a proper policy, I can block everything you've written. And I don't even need a jail, chroot or other nonsense. I've given people root shells on SELinux machines and told them to try and break stuff. Not kids but security professionals and hackers at conferences. Don't try to tell me there's no protection from a compromised application when I've seen protection from a "compromised" root shell. There are other alternatives than deploying a sandbox or doing nothing, and a sandbox that leaves so many attacks open is something I would rather forgo because it will encourage application writers to depend on the sandbox rather than making the kinds of changes that REALLY need to be made. And that's where we need to concentrate on: fixing the applications to remove the really dangerous features... not things like "save as", but things like "Open 'Safe' files after downloading". I hope that if you use Safari you've checked that one's been turned off. Now that's a point we totally agree on. A sandbox - or almost any other security thing - is just bandaid we plaster around a broken software because we can't fix it. Fixing the crap that's creating the whole security nightmare should be first priority.One, that how humans act is independent of the environment and context. Almost everything in psychology strongly suggests the opposite. People in a different environment will act differently. Mac and windos users might be humans, but their experience with the machine are (slightly) different, and those differences can be leveraged. It's not a matter of intelligence, but expectations. If an UAC window gets on your nerves every few minutes, you stop reading them and taking them seriously. On the Mac, such "I need your password" popups are a lot less common, which means people aren't as used to them and more likely to actually read them. One of many examples. And yes, OS X still does a whole lot of things wrong.
Two, that users are stupid. I know this is common in IT. Took me a long time to get over it myself. But fact is that users are not stupid, we make them stupid. Almost all user interfaces currently in use are badly, badly broken. If your car would require you to press three different buttons in three different places with two hands and your nose in order to brake, and car manufacturers would put the horrible number of accidents to "user's are stupid" - that's more like the truth.
Parent shouldn't have been modded "funny". That's exactly the thing. These guys believe themselves above the law, and show behaviour that they'd sent everyone else to Gitmo for.
Given that the legislative branch regularily passes laws that clearly (and, a few years later, also by Supreme Court decision) are unconstitutional, and the executive branch has already declared itself above the law, ignores laws and constitution wherever it suits them, and passes retroactive immunity laws where it can't - putting all that shit together, doesn't it strike you as a good thing that the judicial branch is taking a strong stand?
As I said, no single countermeasure will ever stop all possible attacks, so we agree on that.
And yes, I agree that more limits on programs is a great thing to do. It just requires one little thing that most software developers are too lazy to do: The program needs to be able to tell the OS (e.g. at install time) everything that it expects to do under normal circumstances. If it wants to send mail, it must say so at install time, not suddenly "remember".
Mac's "I need your password" dialog is better done and, more importantly, a lot less common than windos UAC. As such, most Mac users don't roll their eyes and mutter "get on with it already, moron" when it pops up. In fact, when it pops up, I either expected it to, or it surprises me enough that I actually read what it's about.
You could, for example, get away from the "root == god" paradigm and add a user (or group) for more day-to-day admin tasks. Reserve the highest priviledge level for modifications to the core system, i.e. the OS and core tools. To install an additional screensaver shouldn't require those top-level priviledges. That way, you could alarm users very strongly when a tool requires top-level priviledges, and tell them in no uncertain terms that this is highly unusual.
You'd not eliminate all attacks, but you would make the usual total-control takeover a lot more difficult.
There are other methods. I just outlined one to show that your claim as to "nothing" is overblown.
No, having Internet access is not an inconvenience.
But having to have Internet access is an inconvenience.
Terrorism creates it by producing a real threat in a way that makes you over-estimate the likelyhood of becoming the next victim. Your chances of dying in a car accident are actually several orders of magnitude higher than the chances of dying in a terrorist attack anywhere in the world except Israel (there, and only there terrorism is a real and present danger).
Religion creates it by making bold claims about things that you can not disprove. If repeated often and long enough, you get the Pascal effect - people become religious "just to be sure". Religion is also an evolutionary branch, a mutation if you want, on the way from prehistoric magical thinking "When I dance, it will rain, because I've seen it happen once" to scientific thinking "Interesting coincidence, let's test if there is a causal relation". Strong book suggestion: "The Golden Bough" by James Frazer. If you read that, religion suddenly looks like a dumb idea someone once had and for some reason couldn't get rid of when he grew up. Only that said "he" is humanity as a whole. :(
Unless you can could turn it off, it just sounds like DRM.
Try the order "reading, understanding, replying" next time.non-executable memory has nothing whatsoever to do with DRM. It's a security feature that ensures that even if an attacker successfully overwrites some of your data in memory, he can't execute the code he's stuffed there (say, through a buffer overflow). It's a simple trick that kills about half of the current exploits just like that.
I personally like OpenBSDs write-xor-execute (W^X) implementation a lot, where as soon as you write to a memory page, you can't execute code from it anymore. Again: About 50% of current exploits == dead and down.
It's got a few downsides, as the ability to write-and-execute is used by some common tools that will break if they aren't adapted. gcc, for example, used (still uses? not sure) so-called trampolins, which (in a positive sense) exploited that ability.
For example, you can have a profile of what a screensaver, a theme set, a music player, etc. is allowed to do. On installation, the software identifies itself as what it is (according to a limited list of possibilities), and the user is asked for confirmation. Then the software is sandboxed according to the appropriate profile.
So a screensaver would say "I'm a screensaver", and be allowed to, well, lock the screen and display stuff on it. If it tries to read any files besides its own config, it'd get killed. If it tries to identify itself as, say, a "text editor" in order to be allowed to read your files, even an uneducated user could say "er, what? I wanted a screensaver".
User's aren't really stupid. We, the tech people, just don't give them a chance to act in any non-stupid way.
The number of comments on this, vs. more "important" topics is interesting.
Obviously, this touched a nerve with people. Probably two:
One, the fat people who are, of course, personally offended and write in with all kinds of valid, semi-valid and "look behind you, a three-headed monkey!" arguments.
Two, the slim people who are tired of all the "tolerance" bullshit. Like me. If you're fat, you are fat, not "rubens-figured". I do not want to sit next to you on the train, and if you go to the beach, please wear something that covers as much as possible. A Burka would do nicely. But - and that's the point - we've been brought up on "tolerance". 20 years ago, you'd been laughed at in school for being "Fatty" or "Piggy" or whatever, and peer-pressure would have been a great incentive to lose weight and shape up. These days, there are few incentives, because everyone will tolerate you.
I've long been of the opinion that tolerance is being valued too much over honesty.
* If Safari can download files, it can "download" garbage over the files I value. I'm not sure about the implementation of upload in Safari, so I can't say for sure whether it can choose files to upload or if that is, say, a Finder dialog.
But the download argument is a strawman. In a sandboxed environment, you would have a specific download directory (you already do, but bear with me) and Safari would have write priviledges to that directory only. And if you put the files you value in your download folder, you're an idiot. :-)
* If Safari can do the things I need Safari to do, a compromised Safari can do the things I don't want it to do. Yes, it could make every website you visit silently redirect to disney.com - but that's a far cry from the "total destruction" scenario you outline.Some of your claims are valid, some aren't. Roughly 50:50. A sandbox model would take care of many of the problems. Not all. It never claimed it would, either. But it definitely solves problems and is much, much better than doing nothing.
Sexuality is an excellent choice for a religion-dominated control-through-fear approach. It's one of the strongest natural drives, but contrary to hunger, thirst or the opposite bodily functions, you can actually suppress it for a long time. Thus you can have "good" examples to tell all the normal people that they are abnormal, evil, and will certainly go to hell unless... and the unless is what puts you in power.
Worked in Europe for almost two thousand years. In some more primitive parts of the world, including certain regions of Europe and the US, it still works quite well.
It is precisely because nudity and sex are such normal and natural things that they are made taboo.