Home   Groups   Digests   Personalise   Search   Login
  POV-Ray : Newsgroups : povray.off-topic : Where is the world going? : Re: Where is the world going? Server Time
29 Jul 2024 12:29:50 EDT (-0400)
  Re: Where is the world going?  
From: Patrick Elliott
Date: 8 Sep 2013 13:24:20
Message: <522cb2c4$1@news.povray.org>
 
On 9/7/2013 1:46 PM, Jim Henderson wrote:

>> Ur.. I would presume "security". See, the way I see it, this measure
>> they took wasn't to improve security at all, it was to damn up gaps in a
>> wall, so they thieves couldn't get out, while still letting them in
>> through the front gate.
>
> That's not a specific implementation, Patrick.  Try again.  You want to
> say that the current system sucks, fine - but propose something better.
> Dont' just say "security" as if that's a magic bullet.  That's not
> something specific to be implemented, it's a concept.  You're smarter
> than that.
>
Sigh.. You do realize that when they came up with this absurd solution 
it was back with like 98/XP, where half the security they added since 
didn't exist at all? So, sorry, but its not nonsensical to suggest 
adding things that don't bloody exist *at all* in the OS in the first 
place. As I pointed out, a big solution would be, "don't let people run 
things without explicitly saying its OK to do so." We can argue whether 
the current MS method of just asking, or the *nix version of having to 
know what the F you are doing, in order to explicitly set run 
permissions is better, and for whom, but the problem, for years, with 
windows, and still is, in some cases, that things can either install 
without asking, or circumvent safeguards, or, and this is the stupidest 
one - nearly every installer under windows triggers the, "Are you sure 
you want this thing to alter your machine?", question, which means 
people will ignore the safeguard anyway. At best.. some of them might 
question why a flash animation needs to, "change you machine 
configuration", but seriously...

>> That would, imho, be a damn good start on it. MS didn't want to fix
>> their core problem, so they came up with one that "broke" existing
>> functionality, probably even for more than just that class of
>> applications, then, 10+ years later they "finally" fixed some of the
>> actual security.
>
> Technological implementation details, Patrick. Those are important.  Not
> general "just do it" type BS language.  How do you tell if a "small"
> program is a botnet or just a simple CLI utility (as is typical in the
> *nix world) that does a specific task?
>
I would say, not even a CLI, if it doesn't come with the OS, should be 
allowed to do anything, unless you damn well know what it does, and 
explicitly allow it. Or, more to the point, **especially** if its 
something that small. But, heh, what the F do I know... And, its always 
better to make everything "convenient", than make it safe, unless you 
plan to make it a) convenient enough, and b) safe to the point where 
doing what you want with it will brick the machine - i.e., most Apple 
products.


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.