Yes
I noticed it on Intrepid but not Hardy. I assumed it was an isolated issue with my touchpad...
I'd like to see an incredibly stealthy virus - one that stays out of the way to the point that it isn't detected for some number of years.
Have it patch key parts of the Windows kernel to degrade performance in subtle but believable ways...
Lobotomize the scheduler so that context switches occur much less often than they should for responsiveness.
Kick up the swappiness from Ridiculous (stock setting) to We've-gone-plaid
Divide the given buffer length for each I/O operation so that CPU usage goes up and throughput goes down.
I wonder if we'd _ever_ notice.
...that they didn't use X in the first place. It's heavy. It'd also be a huge pain in the ass to get power management and wakeups under control
IMHO the biggest mistake with Android was the decision to invent their own (shitty) set of UI widgets. The interface designer is a joke. They should have ported the relevant bits of Qtopia.
Applets are second/third class citizens these days - the sandboxing is a joke now too.
But it's not dying on the server. Not anytime soon.
The fact that the compromise of a PDF reader leads to compromise of the entire user account is a failure of the operating system, and Linux/Mac/BSD/Windows all fail equally here.
And since time is money, you can always just switch tabs.
I especially like the recent addition of movie trailers or whatnot as an ad option - as in, before the video starts playing you pick "long boring trailer and no ads" or "all ads, no trailer." I always pick the trailer if given the option, it means I have several _minutes_ to kill on another site, and I flip back when I hear the familiar series intro.
Consumer hardware is pants. Bits flip and stuff randomly breaks - sometimes one leads to the other. It's a miracle that this message even reaches you at all.
I've personally taught it a few new tricks, you can thank me if you wish.
Not all that much really. Easy enough to run a spambot with user privs. Any of the data you want to steal is in ~. If you last long enough without detection, you can grab the user's password with an X keylogger and start doing extra naughty stuff with root.
This idea intrigues me.
I've been saying that for a long time. People are living in a fairy land right now as far as any desktop OS being 'more secure.'
Would I trust a default Ubuntu install over Windows? Yes.
Does the Ubuntu kernel turn on the NX bit on 32bit? No.
Can users inadvertently run something which will take them from behind? Yes.
Will more marketshare soon lead to legions of zombie Linux desktop machines? Certainly.
Are the above three points excusable? I think not.
You are making it sound like you need root access for a keylogger. That's not true when input is going to X, which is true the majority of the time for all desktop users.
I keep saying this on slashdot but should really get off my ass and do something about it. The Unix security model is totally useless in the context of a desktop machine. So is the Windows security model. Processes are not the users that run them.
PolicyKit needs to be extended to delegate not just "superuser" actions but normal actions as well, by program. It should be much like the OLPC or similarly Android - apps which are installed / run the first time should have to ask for a set of permissions they need. These permissions are to be changeable only by the user via a privileged frontend. If my desktop environment happens to start a scary .desktop file, it wouldn't matter. It wouldn't have access to my ~, to the network, or XQueryKeymap...unless it asked nicely first. If something needs to open a document outside of its dot directory it can do so via a _privileged_ file chooser - ask over DBus, and the file that the user picks will be hardlinked into the sandbox.
Those figures won't be useful for very long. Let me future-proof them for you.
Note to readers: Add a trailing 0 to the USD amount for every 6 hours after the parent's post time.
Outsourcing the hardware isn't the benefit. Amazon and friends have that end of the game.
Within some large organization - university, corp, whatever - there are typically a huge number of workstations with lots of redundant hardware that is usually sitting idle, lots of departments with varying computing needs, and some ever changing number of servers, some crusty, some doing lebenty-jillion different jobs...
It's very handy for various departments to be able to provision servers as they need. Some pool of terminal servers can be maintained, serving VPN users as well as thin clients. Physical servers can be brought up and down as needed without even dropping net connections. Maintenance doesn't mean downtime. You're paying for bandwidth and hardware just like you always did, but it's a commodity for the people that actually need to use it.
Hardy is version 8.04, not 6.04, and has NTFS read and write support out of the box. Any NTFS partitions show up in the Gnome places menu. Easy.
Servers, network printers and Linux workstations get a cute name.
All servers, printers, and workstations get a standardized boring name in addition.
Hostnames on the machines are set to standardized-cute, such as v16filer2-quark.
An A record exists for all of the standard names. A CNAME exists for all the cute ones.
The cutesie names are a big help to the people that use that particular machine frequently. They're accessible via either, but shell prompts show both (which reinforces both, over time). Hostnames are obviously what show up in automated alerts. All machines have a sticker with both, cutesie one in larger font - eventually you'll learn where thrall is but much less likely to remember the official name.
The (good) devs usually elect to have a Linux workstation, and they get to pick their own name.
Some of the 'mascots' which have appeared on the stickers are certainly quite amusing
Perhaps they could hire some kind of outside contractor - with an extensive botnet and lots of spam-sending experience - at some ridiculous fee! I'm sure with significant compensation, these professionals could be convinced to spam the DoJ.
In all seriousness, all this will do is make a certain few people very very sad inside when they see just how easy it is to fool the common deskmonkey, and just how much info you can get. At best, some of those certain few people will become motivated to make it their profession...
Yet another example of why the "user == app" idea is silly and dated.
The concepts seen on certain mobile phones as well as the OLPC make a lot more sense and are simple enough to understand. An app is not a user. An app is granted some subset of permissions at install time, such as network access and (drumroll please) ability to change system settings.
If you want to get really fancy, you can define perms for an app, perms for a user (such that an app can pop up a UAC prompt to gain (most) of a user's perms in addition to what it already has), and even perms for an app granted by an admin that no user actually has - only the signed Firefox binary at path X can make outgoing port 80 connections, or somesuch.
Notepad doesn't need network access. Notepad doesn't need write access to my entire home directory (especially the ability to delete files) - open/save single files with a gui prompt as 99 percent of files need to do should involve a privileged service. The MS settings apps shouldn't show a UAC prompt - but the solution is NOT to let everybody change system settings - that's just lazy.
Disclaimer: yes, I hate the unix security model even more
The option for "wheels" disappeared - the bugfix was Triaged by adding cinder blocks.
Go back to bed dad
Ubuntu breaks a LOT in every release it seems.
I made the mistake of installing Intrepid on my laptop after using Hardy on my desktop since it was released. As a wonderful side effect of keeping lock-step with Gnome, Intrepid lost session management. My Hardy desktop will gladly restart all of my apps on login, but Intrepid will give you a blank slate every time regardless of your "Remember session" setting. It's STILL not fixed this many months after release, even though it has worked since the 1.x days.
Better parenting and education?
What if all parties are fine with the nudie pics, including parents? One can't blanket label the act as "morally wrong"
Cold boot attacks on laptops are interesting and all, but me, I'd just use the firewire port
It is applicable on a smaller number of laptops, but you also have write access and the machine continues running (less suspicious). Somewhere (perhaps in my link, can't remember) I saw a nifty python script that patches winlogon to allow unlock by entering an incorrect password. If you're an exceptionally slick bastard, you might squeeze a keylogger/downloader/etc into some dark corner of RAM and hijack some unlucky thread. On Windows machines, who knows, maybe we'll see a convenient hardware dongle to assrape the DRM path while it's looking the other way...
Don't even have to move the laptop somewhere secluded to rip it apart. Just plug in your 'music player.'
"Did you mean ?"
Woah! I didn't even know people could bend that way!
Thank you Google Sex Search!