  Re: Where is the world going?  
From: Jim Henderson
Date: 7 Sep 2013 16:46:57
Message: <522b90c1@news.povray.org>
On Fri, 06 Sep 2013 20:35:10 -0700, Patrick Elliott wrote:

> On 9/5/2013 4:20 PM, Jim Henderson wrote:
>> On Thu, 05 Sep 2013 15:56:42 -0700, Patrick Elliott wrote:
>>
>>> Bad examples, all of them.
>>
>> I'm not surprised you think so, because they undercut your assertion. 
>> I happen to think they're pretty good examples because they reflect the
>> reality of the computing environments I've had to deal with in my life.
>> But what do I know - I only started as a systems admin about 20 years
>> ago and worked with technology for most of my life.
>>
>> But I'll indulge in further discussion.
>>
> I consider them all bad examples because, in terms of computing, they
> imply that a penny jar is "illegal", on the grounds that taking a penny
> from it is theft, since taking it from the cash register drawer is. This
> is a complete absurdity, from the first word.

So again, how would you distinguish - technologically - between a "valid" 
odd request and a malicious one?

>> Such as what, exactly?  Got a better idea?  Because I'm sure those who
>> work on operating systems would love to hear your wisdom on this, since
>> you clearly have superior knowledge to those who, you know, /actually/
>> work on this stuff for a living.
>>
> Ur.. I would presume "security". See, the way I see it, this measure
> they took wasn't to improve security at all, it was to dam up gaps in a
> wall, so the thieves couldn't get out, while still letting them in
> through the front gate.

That's not a specific implementation, Patrick.  Try again.  You want to 
say that the current system sucks, fine - but propose something better.  
Don't just say "security" as if that's a magic bullet.  That's not 
something specific to be implemented, it's a concept.  You're smarter 
than that.

> Personally, with computers as they are now, I don't see a reasonable
> argument why "small" programs, of the size that you get botnets out of,
> couldn't run in a VM, by default, and have to be "allowed" into the
> wider system, if you actually need them to do something. At minimum, it
> would curtail most of the problem, since the only reason these things
> get installed in the first place is because they "install" as part of a
> non-legit process, from some fool running things they shouldn't. They
> don't generally a) do anything else, or b) do what they claim to, in
> some cases, or c) get attached to anything more complex than, say, a
> flash video. They don't generally have an impact on *nix systems, due to
> the simple fact that you can't even run something like that on them,
> even if they were an executable, without knowing how to enable them to
> run in the first place.
>
> That would, imho, be a damn good start on it. MS didn't want to fix
> their core problem, so they came up with one that "broke" existing
> functionality, probably even for more than just that class of
> applications, then, 10+ years later they "finally" fixed some of the
> actual security.

Technological implementation details, Patrick. Those are important.  Not 
general "just do it" type BS language.  How do you tell if a "small" 
program is a botnet or just a simple CLI utility (as is typical in the 
*nix world) that does a specific task?

What is the specific threshold for a "small" program?  Again, you're not 
talking in specific technological steps that can be implemented, you're 
talking in broad generalities, which are actually not implementation 
plans or things that can be coded.

Show me the language that lets you code up:

 if (program is not valid)
   reject program's request to open a port (or whatever)
 else
   let program run without a problem

> So, I would say another good argument might be, "Why the F do I care if
> someone 'might' install a botnet on the machine, due to the vast lack of
> security to stop someone accidentally doing so, if all someone that
> wants to frack me over has to do is figure out what the magic numbers
> are, which the NSA keeps hidden?" Sigh...

You might not care, but I can tell you that people who run a 'net 
connection that has a monthly usage cap would certainly give a damn if 
their computer started chatting with a bot network without their 
knowledge.  People understand when they have to pay penalties because 
their ISP has decided they're only allowed, say, 300 MB per month on 
their plan (I know someone in Spain with that limitation).

You're not making any practical suggestions at all, which just suggests 
to me that you don't understand what you're talking about when it comes 
to technology.

Because yeah, "security" - that's the specific and detailed answer you've 
provided.  Except it's not specific, and it certainly isn't detailed.

Jim

