Slashdot Mirror


User: VENONA

VENONA's activity in the archive.

Stories: 0
Comments: 544

Comments · 544

  1. Re:More likely on Fermi Paradox Predicting Humankind's Future? · Score: 1

    We don't know nearly enough about the probabilities to calculate anything.

    We don't have values for any of the terms for the Drake Equation, for instance.
    http://skytonight.com/resources/seti/3304541.html
    From that URL: "ne is the average number of "Earthlike" planets (potentially suitable for life) in the typical solar system..."

    Until we have a terrestrial planet finder, at a minimum, we'll have no idea of what constitutes a typical solar system, even in this region of the galaxy. We still wouldn't know whether the properties of a typical solar system vary by distance from the nucleus, via data from any planet finder we're likely to build. I'm only guessing that it could be possible for properties to vary by distance to nucleus. Maybe an astronomer here could provide some estimates based on what we know about gas cloud composition or something?

    ne is only one term of seven in the Drake Equation. Again, I don't see that we have any basis for anything beyond absolutely wild guesses.

    Enrico Fermi wasn't someone widely regarded as being "full of it." Or whose thoughts were at all likely to be "foolish." Anyone with an *element* (atomic number 100, fermium) named after them is generally going to have some pretty serious credibility with me, anyway. Some say that Fermi never actually asked the "Where are they?" question. Assuming he did, he may have been thinking in terms of an appropriate framework for approaching the problem, rather than attempting to prove that we were alone. We're not likely to ever know--but the man was certainly capable of very deep thought.

    I very much *hope* that there is extraterrestrial intelligent life in this galaxy, though I'm not sure I *believe* in it. I've found the question worthwhile enough to have sporadically contributed a lot of cycles to SETI@HOME, over the years. Possible resolutions of Fermi's Paradox are highly interesting to me.

    But your examples completely miss the essence of the paradox, which is that *someone*, not any one particular species or civilization would have been detected.

  2. Re:Nonissue on The Future of Packaging Software in Linux · Score: 1

    Great link! While I don't agree with quite all of this essay (particularly bits under Problem #7: That FOSS thing.[1]), the vast majority is dead-on. It would take me many, many hours to write something that probably would not be as good. I've spent untold hours over the years explaining bits and pieces of what's contained in it.

    Dominic Humphries has placed it under a Creative Commons License: The URL http://linux.oneandoneis2.org/LNW.htm must be supplied in attribution. To answer many questions, I think I'll just redistribute under his license terms, and document where our opinions differ.

    [1] My perspective does *not* match that of many Slashdotters, who often seem to overwhelmingly post from the perspective of a home user. This article would be a good example, as my posts to it will prove. While I'm a home user, and currently admin a security lab environment, I've spent time in large commercial Unix and Linux installation environments, and contract into that environment for a living. I try to view things from both perspectives, but often fail.

    Even if I had a perfect success rate at this, I'd still be off base with some (many?) posts, because I have zero exposure to, say, the huge embedded space. I can try to extrapolate into that space, much like a programmer who knows many languages (that's not me--90% of my code is written in perhaps half a dozen languages) can often extrapolate into a language he/she has only read about (often only on the Web, USENET, etc., and there is something to be said for editorial review) but there's no real substitute for experience.

    And sometimes I'm just short on sleep and irritable, reading Slashdot while waiting for a client to get back to me, etc. After all, it's only Slashdot, and best not taken too seriously.

    In fact, I think I'll just pop this into my journal, and change my sig.

  3. Re:How about we take the easy way out? on The Future of Packaging Software in Linux · Score: 1

    "#11 - The ability to have a user install their own package easily and transparently, under their home-dir (not applicable to all packages, of course.) Then, when that package is installed on the base system, it should also remove the user package and symlinks (/home/user/bin.) It's not cool to need root to run yum or apt, or require sudo privs when I just want to get something simple. This is especially important in a multi-user system."

    A multi-user system is where you most need that root/unprivileged user separation. Users can do the oddest things. Such as sucking up all available disk space, CPU cycles, etc. You get wildly different results depending upon whether those multiple users are simultaneous or not, etc.

    You could see an explosion of the workload the package system sees. How many users are on the system? If two versions of a package are installed in /home/alice and /home/bob, how are conflicts resolved by the package management software when an admin wants to install that package (possibly another version) at a system level?

    Is the admin now supposed to contact everyone involved (maybe waiting two weeks while someone returns from vacation, etc.) before they can get their job done? Or maybe spend the time to analyze some mentally and/or physically absent user's environment, then perform some difficult to support hack (remember, a possibly large number of users) on their $PATH?

    Privilege separation is one of the basic principles of a Unixy OS. One of the main reasons that it's there is precisely to make multi-user systems possible. There's pretty much zero chance of this going away because some user says, "It's not cool to need root to run yum or apt." Admins have heard this since, well, forever. Very often from a user who wants to make *their* life easier, and doesn't consider *other* users or admins. Of course, this is the same sort of user who will install some stupid resource pig of an app, want the firewall punched out immediately for some obscure network app nobody's ever heard of, etc.

    "I just want to get something simple." Define simple. Some users are going to be deeply knowledgeable, some far less so. The forkbomb (`$0 & $0 &`) is simple. Go ahead and run it from a bash prompt--but make sure your system resources are well controlled first. There can be a vast chasm between simple and benign. I know admins that won't allow an executable bit set for a user's files (let alone cron access, binding a network app to high ports, etc.) until they have some idea of the user's competence. They aren't Nazis; they're protecting a system with dozens of users.

  4. Re:How about we take the easy way out? on The Future of Packaging Software in Linux · Score: 1

    Someone please mod parent up. There is plenty of commercial software for Linux. Most of the posts from this article are from the perspective of people who sound very much like home users, or admins of small installations. I'm not knocking that--it's an important piece of the Linux world. But it's only one piece, not the whole of it.

  5. Re:Possibly. on The Future of Packaging Software in Linux · Score: 1

    "I believe that the set of people who want to go gung-ho securing their boxes, who know what they're doing, AND who can't be bothered to recompile packages from SRPM form is very small."

    From the perspective of a desktop user or admin of a small installation, you're likely correct. From the perspective of a large installation admin, probably not, at least in terms of end result.

    In the latter case the problem probably wouldn't be so much of a 'can't be bothered' thing, so much as time constraints brought on by either of two things: a) the need to push out a package upgrade quickly because of a pressing security issue, or someone higher on the corporate food chain clamoring for some new bit of functionality, or b) the systems group has inadequate resources to do more than push binaries.

    There can also be issues related to some sort of vendor support breakage if they leave the world of standard packages. There are lots of apps out there that are supported by companies other than the Linux distributor. This sort of thing adds another possibility of something going wrong, and you being stuck between two vendors who each claim it's the other's problem.

    If there is a God, I suspect his name is Murphy.

  6. Re:Last time I checked. . . on Drive-By Pharming Attack Could Hit Home Networks · Score: 1

    I've only seen education be even somewhat effective a few times. And that was in corporate settings. I don't see things as any better in government settings. For general consumers I've no hope at all. I see little or no evidence that most consumers *want* to be educated. Though they might, after the first time they're phished. :) They want to Do Stuff, not Learn Stuff.

    The consumer solution probably lies with the manufacturer, possibly via generating a random password as the last step before packaging the device. On first boot, you would have to connect to it with a browser, and the device would then display the password, and prompt the user to make a note of it (with lots of dire warnings, in a large red font). Only after having connected locally via browser would the device establish the WAN side connection, then present a login screen--hopefully catching a large percentage of those people who didn't make a note of it, and have already forgotten it. Only after a successful password change would the device consider a boot to not be a first boot.

    You'd probably want to test the exact order of this. For instance, it might make more sense to only consider first boot conditions satisfied after another successful login. That would probably reduce the rate of immediate service calls. Other solutions probably exist--this is just off the top of my head.

    Some still won't make a note of that password, or they'll eventually lose the note, so there will be an added helpdesk load in any case. Follow the money. The current situation now places the *entire* financial burden (recovery from being phished can be expensive and time-consuming) on the consumer. I'd consider shifting *some* of the burden back to the vendor via a small increase in support costs a reasonable thing. But it's unlikely to happen before a lot more bad press is generated.

    I usually advocate running your own DNS resolver on the LAN side--keeping something this critical on a system you have more control of, and a hop or two deeper into the LAN. It's an inexpensive process to run, on Unix-y machines, anyway. So even if you only have a single computer, it's a useful security addition. Although I assume there's a possibility for playing games with any DNS data cached on the router, and caching might be something the broadband providers would consider worth doing in the interests of lightening the load on their DNS systems. LAN side DNS can also speed your network operations tremendously. My provider went through a period of several *months* of slow DNS response. Of course, that was while they were the only game in town. When another provider appeared, the problem disappeared immediately. :)

    Does anyone know of any broadband routers that are actually known to cache DNS lookups?
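The first-boot provisioning order sketched in the comment above, modelled as a small state machine. This is an added example, not code from the original post or from any router vendor; the class, state and method names and the password policy are assumptions. It follows the stricter variant the poster suggests in the follow-up paragraph: the factory password is shown only on the first local browser connection, the WAN side comes up only after that, and the device stays in "first boot" until the password has been changed and a login with the new password has succeeded.

```python
"""Model of a router's first-boot provisioning flow (added example).

Assumptions (not from the original comment): the class name Router, the
State names, the 10-character minimum for a new password, and the use of a
confirming login after the password change to leave the first-boot state.
"""
import hmac
import secrets
import string
from enum import Enum, auto
from typing import Optional


class State(Enum):
    FACTORY = auto()           # shipped; per-unit random password assigned at packaging
    LOCAL_SHOWN = auto()       # LAN browser connected, factory password displayed
    WAN_UP = auto()            # WAN link enabled, login screen presented
    PASSWORD_CHANGED = auto()  # new password set, awaiting a confirming login
    PROVISIONED = auto()       # first-boot conditions satisfied


class ProvisioningError(Exception):
    """Raised when a step is attempted out of the required order."""


def generate_factory_password(length: int = 12) -> str:
    # Stand-in for the random password generated as the last packaging step.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


class Router:
    def __init__(self, factory_password: Optional[str] = None):
        self.state = State.FACTORY
        self._password = factory_password or generate_factory_password()
        self.wan_enabled = False

    def _check(self, candidate: str) -> bool:
        # Constant-time comparison so a wrong guess doesn't leak via timing.
        return hmac.compare_digest(candidate.encode(), self._password.encode())

    def connect_local_browser(self) -> str:
        """LAN-side browser connects; the device reveals the factory password once."""
        if self.state is not State.FACTORY:
            raise ProvisioningError("password is only displayed on the first local connect")
        self.state = State.LOCAL_SHOWN
        return self._password

    def bring_up_wan(self) -> None:
        """WAN is enabled only after the password has been shown locally."""
        if self.state is not State.LOCAL_SHOWN:
            raise ProvisioningError("WAN cannot come up before the local password display")
        self.wan_enabled = True
        self.state = State.WAN_UP

    def login(self, password: str) -> bool:
        """Login screen; a successful login with the *new* password ends first boot."""
        if not self._check(password):
            return False
        if self.state is State.PASSWORD_CHANGED:
            self.state = State.PROVISIONED
        return True

    def change_password(self, current: str, new: str) -> None:
        if self.state not in (State.WAN_UP, State.PASSWORD_CHANGED):
            raise ProvisioningError("password change requires a live login screen")
        if not self._check(current):
            raise ProvisioningError("current password incorrect")
        if len(new) < 10 or new == current:
            raise ProvisioningError("new password rejected by policy")
        self._password = new
        self.state = State.PASSWORD_CHANGED

    def is_first_boot(self) -> bool:
        """A reboot before this returns False would repeat the whole flow."""
        return self.state is not State.PROVISIONED


def happy_path() -> Router:
    """Walk the intended sequence end to end and return the provisioned device."""
    r = Router()
    shown = r.connect_local_browser()
    r.bring_up_wan()
    r.login(shown)
    r.change_password(shown, "correct-horse-battery")
    r.login("correct-horse-battery")
    return r
```

The guards are what matter: each transition checks the state it requires, so an implementation that tried to bring the WAN up early or skip the password change would fail loudly rather than silently shipping a device still on its factory credential.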

  7. Re:Ummmm. Ok on Mash Apache Derby with New OpenOffice 2.0 feature · Score: 1

    Not sure I agree with Kadin2048's definition of 'public sector'. But especially as contractors have been so much in the news lately (not just Blackwater and others of the same sort), I wish someone with mod points would hang an 'interesting' on the parent post.

  8. Re:Ummmm. Ok on Mash Apache Derby with New OpenOffice 2.0 feature · Score: 1

    "Welcome to the public sector."

    I'm used to this term referring to .edu, .gov, etc. Did you mean 'private sector'? Or do we need a new term for corporations that have agreed to not recruit from each other's work force (which might *gasp* improve the workers' bargaining position), but rather whore their workers out via contract?

    That's a hot button for me, as back in the mid-eighties, I saw two semiconductor companies (the only two) in the same small town work a no-pilfering agreement. If you worked for one, the other absolutely would not hire you--even if they had to transfer people in from out of state to fill a position. And we're talking fully paid moves as part of expensive relocation packages, etc. Not cheap to do, IOW. There was a minor flap about it in the local paper, but nothing could ever be proven. It was just an informal agreement, not a formal policy, so there wasn't any paper trail, and I can't recall if it was even illegal. I'm only sure it happened because well *before* the flap, my GF mentioned it to me--she worked in HR.

    That's one example of the rapacity of huge corporations, even back then. Here's another. When Intel built their first 9.x fab in Rio Rancho, NM, they got mondo incentives. Enough that the local government had to absorb a large influx of people, with no added financial resources. How bad did it get? Well, central New Mexico is a high desert. The Albuquerque/Rio Rancho area is at about the same altitude as Denver, and drier. I was renting, so I didn't pay any attention to what property taxes were doing, but I do know that finally, on a 4th of July, I turned on the tap and no water came out. This was after some time of decreasing pressure. Wafer fabs are water-intensive. And yes, I was on city water.

    I bailed. To this day, I still have a love/hate relationship with Intel. I had significant opportunities, did some of my best work, and worked with some kick-ass engineers and managers--the best in my semiconductor career. Intel put a lot of resources into the new fab, as it was the first full-on production 80386 facility, and was expected to do $1B in its first year of operation. That was huge, back in the day. Intel was much smaller then, and this was when the Intel/Motorola tide turned, as BatWings failed to answer the '386 challenge.

    BTW, I've worked for Moto as well, and Intel hired me away from AMD. So I came in on one of those great emergency deals. They needed me badly enough that the movers showed up the day after I became available. My vehicle was loaded, as well as household goods, and I flew out to temp lodgings, a rental car, and some wonderful career stuff, including a chance to do some sweet research, rather than just production process engineering.

    There's another tale there--when I applied to Intel, I wanted Oregon. That was closer to home, and where the R&D happened. I was told there were no jobs in Oregon, but there was this New Mexico gig, which would also involve some serious R&D. I ended up shuttling between the two sites as the process was ported (this is complex stuff, with many $ at stake) and the Oregon project lead engineer (whom I'd become fairly friendly with, as we'd been working together for a while now) one day told me that he'd wanted to hire me, but the corporate New Mexico need was greater, he'd come under some pressure, and finally agreed to tell me that the only job was the New Mexico gig. He could only hire me if I declined the New Mexico gig. I blew it off at the time. It was something of an eye-opener (I was pretty young at the time), but I'd never been around a fab where everyone had such long, serious faces. Moto and AMD had both had some seriously fun folk to work with, and the atmosphere was a bit depressing.

    OK, there's a quick shot of history for everyone. Now, everyone who thinks that multinationals have become *less* rapacious in the subsequent 20 years please raise your hands. My take is that you:

    - Never, *ever* believe what you're told--that's j

  9. Re:Make it mobile on NASA Considers Plans for Permanent Moon Base · Score: 1

    "We make the arrogant assumption that CoE applies universally in all cases, that there may not be cases where, under certain conditions it can be circumvented, without truly any knowledge that this is true or testing each one of the infinite number of possible conditions. Scientists, essentially, believe they know everything, and that their theories are perfect and complete,..."

    I'm wondering how we test each of an infinite number of conditions. I expect to remain at least somewhat occupied with this until I finally meet a scientist who believes he/she knows everything, at which point I suppose I can just ask. I'll probably also ask how acceptance of the law of conservation of energy can be described as "arrogance" while I have this being's attention. They're rare enough that I've never heard of (much less met) one, so it would be best not to waste the opportunity.

  10. Re:Apple @ Fault. on Vista - iPod Killer? · Score: 1

    I think you're cutting Nortel too much slack. They've a current market cap of nearly $12 billion. This isn't small time; they've been larger (for most definitions of large, not just market cap) than Apple for most of their history.

    VPN clients are pretty much universally regarded as business software--often mission-critical business software. Once they made the decision to release a Mac version, they should have supported it as such. That might mean some slight delay, due to the differences in Microsoft/Apple market sizes, but *five months*? That's ridiculous. It's a significant percentage of a release's time as the current version.

  11. Re:Like most, you missed the point. on Confidential Microsoft Emails Posted Online · Score: 2, Interesting

    "The enterprise." What a sad joke that phrase is. This post is not directed strictly at you, BTW.

    I remember when it meant a heterogeneous OS environment, branch offices at a minimum, and multinationality and thousands of employees at least implied. Then I began to see surveys, etc., which ran down through corporation with a presence only in single countries, with perhaps a few hundred employees, to the current SME, which has at least some overlap with SOHO.

    Seriously. For the last few *years* I've seen Web forms of various (fill out for our free white paper, etc.) types which presented me with a radio button to describe the size of my 'enterprise' as 1-5 employees. That's just one example, though probably the one I, personally, have seen the most. I've even seen the term (still in shrinkage mode) used in research papers over the years.

    Depending upon your line of business (a few neighborhood kids in a lawn mowing group comes to mind), that 1-5 number of employees implies that a Z80 running CP/M and BASIC could be an enterprise-class system. Sigh. Another free service to the community from the marketroids, I guess.

    IMHO, any post that uses the word these days is going to spark a lot of disagreement, simply because it's a marketing term which now has little or no meaning beyond a mere 'business' v 'personal' connotation.

  12. Re:60TB a movie...300TB total? on Inside the Lucasfilm datacenter · Score: 1

    Could be, but I doubt it. In the case of media stuff, the loss is probably proportional to immediacy. If a game, movie, CD, even an operating system (Google on Vista leaks) leaks widely, just as the thing is supposed to be ramping sales in huge way, it has to hurt, say, stock share prices.

    If it's old, and stolen copies are already widely available, the losses probably aren't perceived as so immediate and crushing. That's not to say those losses aren't harmful in the long run--just that they aren't necessarily *perceived* that way. The real figures would obviously vary on a case-by-case basis. The third installment of Pirates of the Caribbean is obviously more immediately valuable than some random programmer's backup program.

    In general terms, the security gameplan would be to strictly limit physical or network access to the work in progress, and any ancillary data concerning it--budgets, cost and deliverables projections, etc., while the project is active. When the project is complete, take it offline, and require physical access--tape vault or something. When you do that probably goes back to immediacy. A year after the third installment of Pirates of the Caribbean is out (probably much sooner, maybe *before* official release), perfect copies will be widely available.

    Which makes you wonder if backup media in a tape vault is even worthwhile, as a business case. The metadata might be worth more (licenses, tech notes, or whatever) than even the viewer content of an HD movie, which you can (probably safely) presume is going to be widely available soon after (at a minimum) release. Attacks against HD DVD (recently mentioned here on Slashdot), like all attacks, are only going to get better.

    Sorry if this seems incoherent. Thought-provoking topic for a security guy. But things are busy just now, and this is only Slashdot, after all.

  13. Re:60TB a movie...300TB total? on Inside the Lucasfilm datacenter · Score: 1

    Above, an AC posted a link to http://www.oracle.com/technology/oramag/oracle/06-may/o36lucas.html which sez the answer to your question is 'tape'. Makes sense, I suppose. Storing old movies which require TB doesn't sound like something to store on- or near-line. I doubt much of it is reusable, on a day to day basis. When you launch a major project (make Greedo shoot first or something) for it, then it's in the books, and you have a business requirement to fill on-line storage, acquire more if you need it, etc.

  14. Re:Why not to get Vista? on Microsoft Admits Vista Has "High Impact Issues" · Score: 1

    "Windows and Office licenses are cheap." Cheap is relative, even if you don't consider extra baggage related to spyware, virus detection, etc. I've seen $10K or so for licenses be a showstopper for projects even in large companies. The departmental budget was spent. End of story. The projects didn't happen. Well, in some cases they did, when the next budget hit, but in the meantime there was much wailing and gnashing of teeth.

    Custom apps are definitely a sticking point. You'll get no argument from me on that one. I blame a lot of that on CTOs (or whoever is filling that role, whether the title comes with the job or not) that don't or can't do their jobs. To my mind, if you're in that role, and your plan is to always be based completely around one software vendor, who has been more or less constantly in legal trouble (for many years) for anticompetitive behavior, you really need to periodically pull your head out long enough to at least take a look around. Your employer is wasting the money spent on your compensation package.

    I realize that's too much of a blanket statement to be anything like correct in every case. There are entirely valid reasons for being an MS-only shop. But I also see it happen for all the *wrong* reasons--frequently just inertia.

  15. Re:Neither good nor bad. It's immaterial. on Wikipedia Adds No Follow to Links · Score: 1, Informative

    Actually, nofollow predates Google. It dates back to at least HTML 2.0, so sometime around '94 or so. Google launched in 1998. Its original intent really was nofollow, not the 'don't index' that Google and some other engines mutated it into, which is what turned it into the ugly hack that you described it as.

    I don't really subscribe to the Google==Good viewpoint commonly seen on Slashdot. I'm not saying Google==Evil, just that very little in this world is an unalloyed good, and that very much applies to Google. Most of my reasons are off-topic, but a bit of it is also abusing a standard for a temporary corporate gain. This is especially egregious when done by players who are so large that the original intent of a standard is completely lost. Which clearly is the case here.

  16. Re:It's really no different than the previous upgr on Why "Upgrade" To Office 2007 · Score: 1

    Viewers are good for version independence, but not for vendor independence. Unless these run under Wine or something, you're still locked into a MS OS. Until OO supports the format. Or you could open the archive, sed the XML off, and at least have text. Any graphics are in there as well...

    This shouldn't be too difficult an issue. I doubt it will take long.

  17. Re:I've already upgraded.. on Why "Upgrade" To Office 2007 · Score: 1

    Somebody please mod parent "Informative".

    My statistics isn't up to understanding everything on the reference link. The pieces that I do grok--well, I guess I need to see what the story is with OO Calc. It may not be any better.

  18. Re:Cults? on Comet McNaught Visible in Broad Daylight · Score: 1

    On the theory that anything that cleans up the gene pool is, by definition, A Good Thing, we can only hope. Plus, if there's another Heaven's Gate event, we get to see puff pieces in most media, as all the sensitive types act as if nutjobs leaving the planet (suicide still gets them off the planet) were somehow A Bad Thing. We should get at least a Geraldo Rivera special out of it.

    "So sad."
    "A tragedy."
    and the immortal
    "Think of the children."

    Yeah, some relatives, SOs, and such would suffer. Sorry about that. I don't wish any misery on them, but shit happens. If whoever offs themselves were crazy enough to do a Heaven's Gate thing, some sadness was headed for those that cared about them, in any event. The general population shouldn't waste much sadness on nutjobs voluntarily punching out.

  19. Re:The only real problem of Linux is on ESR's Desktop Linux 2008 Deadline · Score: 1

    See my #17367208 above, if you care. You seem to be down on Linux, up on Windows. Cool. Have fun. "What's sad is this myth that most Linux users have regarding security." Here we are in the middle of the holidays, and you're all sad. Sorry to hear that, but I'm not up for a religious war today. Run whatever you want. Choice is good.

    The link is for a presentation about Windows. Different OS, different security model, different security mechanisms. I didn't spend much time with it for a couple of reasons.

    First, I'm not paid to be a Windows security guy. I had one professional encounter with it, when several years ago I needed to secure a Win2k server. Downloaded a doc from the NSA site, and found I had twenty-odd pages of registry edits alone to do. Management wouldn't buy off on that, and the app ended up on Linux or one of the commercial Unices--I can't remember which. People I trust tell me things are better now, and have shown me that a couple of my old pet peeves have been fixed, but also that some others haven't.

    Second, it's presentation notes. I hate them. You never know what's being said around the talking points, so anything you read you're liable to take out of context. There's a short list of a dozen or so people whose presentation notes I'll typically try to wade through (generally when I know the guy, and can mail him about something that I'm unsure about), but this guy isn't one of them. There are exceptions. They are rare.

    Nor do I watch a lot of videos, having seen far too many that were pure marketroid material, whether from Microsoft, HP, or whoever. In my experience, just the fact that it *is* a video has come to mean 'marketing material' to me, and several people I know. I wish the suits would snap to that. If I never have to sit through another one, it'll be too soon.

    In general terms, if someone wants to get their research results to me via the Web, they can do it in the standard ways. HTML preferred unless you need a lot of math (Why does MathML support still suck in every browser I've tried? The Web originated at a particle physics lab, for God's sake! Or is there one that now does well, and I haven't tried it recently?), in which case going with PDF or PS is fine. Either of those is also perfectly OK if it's something that's important enough that I want to keep a local copy, whether it's stuffed full of set theory graphics, protocol diagrams, etc., or not. Most PDFs frankly don't meet that standard. Unfortunately, they're also the only way to get a lot of things, like papers from the ACM, etc. Sigh. I don't suppose that's liable to change, as keeping everything in one file makes server admin easier.

  20. Re:The only real problem of Linux is on ESR's Desktop Linux 2008 Deadline · Score: 1

    Good morning, Grumbel. Hope you had a nice Christmas. Now back to our regularly scheduled argument :).

    "A little wriggling with LD_PRELOAD or even just LD_LIBRARY_PATH should be enough to trojan that one, if done really clever, you wouldn't even notice, since your Bash would be trojaned as well, so no aliases PATH manipulation or stuff like that visible."

    You seem to have done some reading, but not enough. Manipulating the environment can be used to escalate privilege if the called program is SUID or SGID. These aren't, so you're not getting root that way. Nor do I know how you magically trojaned /bin/bash. You might be able to do a DoS (on yourself, effectively), or wrap the software in some hostile way. If that's a concern, use the host IDS of your choice (Tripwire, or whatever) to maintain cryptographic hashes of, for instance, the shell script/binary chain that's invoked when you call Firefox. Don't forget your shell's dot files.

    If you monitor the security lists, you see periodic warnings about failures to handle LD_LIBRARY_PATH, ISV, etc., safely in various binaries, and you need to update the affected packages. It's comparatively rare to see one warning of escalation, as SUID/SGID programs are relatively rare, and more care is taken with them (or at least it *better* be :)). OK, this is a show me the code moment. If you think "A little wriggling with LD_PRELOAD or even just LD_LIBRARY_PATH should be enough to trojan that one..." on your distribution, then by all means do it, and send a patch in to the maintainer. That helps the community.

    "Installing a key logger is trivial..." if you're root. But see above.

    "/bin, /usr, /var and friends simply don't matter, they can be restored in a few minutes by reinstalling the system..." I feel like I'm trying to hit a moving target here. First you were going to restore everything through the package manager in a few minutes. Then you seem to have read up on root kits, and realized that a reload is indeed going to be necessary. So now you're going to reinstall the system in a few minutes. FYI, the only times I've seen systems reloaded in a few minutes the following conditions obtained:

    1) There was a local package repository available. No need to traverse the internet.
    2) Software that was installed via tarball, as well as local scripts, etc., were also available from a local server.
    3) The local network was capable enough that it didn't bog.
    4) The systems being reloaded were pretty minimal servers, not desktops.

    "/home on the other side has real value and is unrecoverable" There is this thing called a backup. You should try it. If root hasn't been compromised, your logs may well show you exactly when the user account was compromised, so you know which media are safe to restore from. They may also show you how the system was compromised, so you can fix the hole. /var matters, as well as your executables. Personally, I recommend remote logging, even for desktops. But comparatively few home desktop users are going to have a machine to use as a log server, or the knowledge to set that up. If anyone out there wants to do it, Web docs are plentiful.

    This concludes my daily contribution to our regularly scheduled argument. Which I hope is over, as it's a short week, and I have a lot of work to do. Plus my long weekend consisted of Christmas day only, and if I don't do some serious patching on the home front, my user account is going to be suspended, if you take my meaning :). And I have one more post to reply to in this thread. Sucks to be me.

    Seriously, I'm not denigrating the importance of /home/USER on a desktop system. That would be hugely wrong. But there's simply no way you're going to convince me that "/bin, /usr, /var and friends simply don't matter". That's worse.

  21. Re:ESR deserves credit... on ESR's Desktop Linux 2008 Deadline · · Score: 1

    Well, at least he laid it all out for us, a long time ago. From How To Become A Hacker http://www.catb.org/~esr/faqs/hacker-howto.html:

    5. Serve the hacker culture itself
    Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.
    The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.

    Though he seems to have forgotten the 'blatant ego' bit, unless this sort of thing seems modest to you:

    I became a respected priest, elder, and bard. I developed something of a reputation as a ritual designer and theoretician. And out of me flowed poetry and healing and inspiration, and by these signs I knew and others knew that the Gods moved and lived within me. http://www.catb.org/~esr/writings/dancing.html

    He's a mixed bag, but a mixed bag of nuts.

  22. Re:The only real problem of Linux is on ESR's Desktop Linux 2008 Deadline · · Score: 1

    "So can you with a user account. Doesn't make much of the difference if the hacked binaries lay in /bin/ or in /home/juser/.bin/. If your account is compromised you are in trouble, doesn't make a difference if root is compromised as well or not on a single user machine, since everything that matters is in /home/ and you don't need root to touch that."

    I agree (and stated) that all accounts should be protected. But on my machine, Firefox, for instance, is /usr/bin/firefox, root:root, mode 755. You have to be root to trojan it. You check your $PATH, look for aliases and symlinks, that sort of thing. Look, this is the basic Unix security model. I can't believe you're arguing this stuff.

    'apt-get upgrade' and you get them all back? You either didn't read what I posted about a rootkit, or don't know the effects of them yet assume you know it all. OK, root has been compromised. How do you know your package manager hasn't been subverted? Do you have cryptographic hashes of critical files, as in a host-based intrusion detection system of some sort, on write-only media? Or maybe you have a statically linked version of apt, again on write-only media (and even that isn't foolproof, with a suspect kernel)?

    Wrap your mind around this: If the root account is compromised, you cannot trust anything on the system. Not your package manager, the kernel, the filesystem, log files, *nothing*! Unless you are deeply knowledgeable, you need to reinstall. Even if you are deeply knowledgeable, a reinstall is generally the way to go, as the forensics/repair approach is both complex and time consuming. You might want to look through packages like chkrootkit or rkhunter to see some of the files that are commonly trojanned, but there is no 100% accurate package.

    Compromise of a user account, if you can prove that was as far as it went, will only place those executables under /home/USER at risk. If the system has been decently maintained, those should be fairly minimal on a typical user desktop. Those attacks are also far less scriptable than attacks on executables in standard system locations, and attacks are 99.9% automated. At least. Yeah, you have troubles. But the system can be recovered. Even then, I'd recommend a reload to most people. Also a look around any other systems you might have, if, for instance, you're using keys to ssh to another machine, rsync with it, etc. Exactly what your recovery process would be varies tremendously. It depends upon the circumstances.

    You might also want to know that there are wide patches of the security landscape where the most dangerous attack of all is regarded as one which succeeds and remains covert for some length of time. Why hit your PayPal account now, when a bit of time might yield bank, stock trading, etc., accounts? You are in far greater danger of that sort of thing if root is compromised than if, say, someone gets in via attacking ssh with 55hb and finding a lame unprivileged user account password. Although you want to bear in mind that an escalation of privilege attack is usually easier than getting onto the system in the first place.

    I would advise some serious reading. With your OP being +5 Insightful as I post this, my concern is that newcomers to Unix-y OSs might take your security remarks as valid.
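    An added example, not from VENONA's post, of the kind of check the comment alludes to: record cryptographic hashes (and permission bits) of critical files while the system is still trusted, keep that baseline off the machine, and compare later. The file tree and its contents below are constructed in a temporary directory, not a real /bin or /usr.

```python
import hashlib
import os
import tempfile

# Added example (not from the post): a minimal file-integrity baseline. Content hashes
# and permission bits are recorded while trusted and compared later, on a constructed tree.

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> (sha256, permission bits) for regular files under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root)
                baseline[rel] = (sha256_of(full), os.stat(full).st_mode & 0o7777)
    return baseline

def verify(root, baseline):
    """Report changed content/mode, files gone since the baseline, and new files."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed scenario: trojaned ps (content), setuid bit on ls (mode), removed lib, dropped file."""
    root = tempfile.mkdtemp()
    for rel, data in (("bin/ls", b"ls v1"), ("bin/ps", b"ps v1"), ("lib/libc.so", b"libc")):
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    baseline = build_baseline(root)  # the copy that belongs on read-only media
    with open(os.path.join(root, "bin/ps"), "wb") as f:
        f.write(b"ps v1 + process-hiding patch")
    os.chmod(os.path.join(root, "bin/ls"), 0o4755)
    os.remove(os.path.join(root, "lib/libc.so"))
    with open(os.path.join(root, "lib/.x"), "wb") as f:
        f.write(b"dropped")
    return verify(root, baseline)
```

    As the post notes, this is only as good as the medium holding the baseline and the checker: with a suspect kernel, the comparison has to run from trusted boot media, since the live system's open() and stat() results can be lied to.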

  23. Re:The only real problem of Linux is on ESR's Desktop Linux 2008 Deadline · · Score: 1

    "If root or jusers account is compromised doesn't make a difference, since in *both* cases the intruder has full access to everything that matters anyway."

    If root is compromised, you can end up with trojaned binaries, etc. juser's account might seem completely untouched, but there's a keystroke logger sending your online banking login info overseas...but that's that stuff in /bin, /usr, /var, etc., that you "really don't care about", "since it comes straight from the distribution CD and is trivial to recover". Except that that's only true for a short time after install. What happens after a few updates--or even one? Then you need to download packages. Except that you may not be able to, and you can no longer trust anything on the system, including your browser, package manager, even the TCP/IP stack. Unless you know quite a bit about rootkits and forensics, (and very probably even then) you're looking at a reinstall. Assuming you ever even find out that you were rooted--other than maybe the hard way, such as your savings account being cleaned out.

    And then, what about your *data*? Images, old .DOC files from work, PDFs from last year's online tax preparation service, etc., seemingly forever...Those are all binary formats. What's lurking in them? Are you going to compromise yourself again, next time you open significant_other.png?

    Still think "that whole root/user separation doesn't provide much benefit at all"? If not, do everything you can to preserve that separation, and protect *all* accounts. That includes using sudo appropriately, and in general doing no more than you have to as root. Particularly for things like Web browsing, where a flaw in something like libpng (at least one Linux remote-compromise flaw has been found in it before) could compromise your machine if you hit even relatively trusted sites. As in the case two years ago of thousands of Windows PCs (IE IFrame vulnerability) being compromised due to a compromised ad server which supplied Web sites all over Europe, and at least some companies in the US.

  24. Re:This is hardly an analysis on Cost Analysis of Windows Vista Content Protection · · Score: 1

    I see your point. It's a good one. In most cases (probably >90%), I'd agree with you. Marketroids have gotten *way* too many hand-waving pieces published by our sucky trade press. But Gutmann is a good troop, isn't a hand-waving kind of guy, has obviously done his homework (it's pretty easy to see that many manhours went into it), and he absolutely is not a marketroid. He's about as far from it as you can get. Nor is he a PR flack, a CxO, or what-have-you. He's a CS guy, down in NZ last I heard, and sharp.

    So I'll cut him some slack in not using the phrase in a strictly MBA manner, and read it more as, "Well, it is about costs, and it is an analysis, at least in Webster sense 1." The man put research and thought into that paper. If he were a BA guy, I'd help you hold his feet to the fire on terminology, because then he wouldn't be Gutmann, who in my book is worth a certain amount of my trust--and I'm in security as well. We don't readily do that trust thing :).

    Anyway, I'm not saying you're wrong--just that I have a different take on it. I'd hate to see anyone discount the work based on what, to me, is semantics.

  25. Re:This is hardly an analysis on Cost Analysis of Windows Vista Content Protection · · Score: 4, Insightful

    Well, Gutmann is known in my circles for having done some good work, and having a track record that goes back for years. Things like trying to get the word out on how bad RC4 encryption was (and I wish IEEE had paid attention before the absurdly-named WEP was created--the RC4 issue was *not* all about key length, despite Microsoft claims), breaking early Windows password encryption, breaking a couple of disk encryption schemes, pointing out some serious flaws in Linux VPN software, etc. The list is fairly long. Apparently some people here think he's some sort of standardized media pundit--just another talking head. Uh, no.

    Although some of what he said is new to me, I know he's dead right on some other bits. I know I'm very much prepared to give the man the benefit of the doubt on the parts that are new to me. Which sucks. To me, the best thing about Windows is that it was the central force that drove hardware into commodity status, and lowered all of our costs. Now we may have to give some of that benefit back. That isn't something I'm happy to do, particularly for the sake of Vista, which I'll never use.

    I don't see how you can say the piece wasn't about costs. That thread was all through it. You expected actual numbers? That's *very* proprietary information to any vendor. Nor is it likely that the vendors themselves have much hard data yet, in the specific case of Vista, as it's very early innings. They can't even be sure of the adoption rate yet, so fabrication contracts, and a myriad other details are likely to change fairly rapidly over the next few months.

    Yet it's very clear that the broader picture is one of increasing costs for hardware vendors. Some of that will probably just mean lower margins, but even that doesn't mean that only investors will be hurt. It also means less R&D, which isn't good for anyone, in the long term. And some of those costs *will* be passed on. Investors will demand it.

    There are other issues, of course--reduced functionality and stability, yet more difficulty in avoiding binary blobs in GPL kernels, etc. None of this is good news to assorted non-Windows people, though much of it will hit Windows users as well. It's not the end of the world (and wasn't presented as if it were) but it's certainly bad news.