 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 06 Sep 2013 20:35:10 -0700, Patrick Elliott wrote:
> On 9/5/2013 4:20 PM, Jim Henderson wrote:
>> On Thu, 05 Sep 2013 15:56:42 -0700, Patrick Elliott wrote:
>>
>>> Bad examples, all of them.
>>
>> I'm not surprised you think so, because they undercut your assertion.
>> I happen to think they're pretty good examples because they reflect the
>> reality of the computing environments I've had to deal with in my life.
>> But what do I know - I only started as a systems admin about 20 years
>> ago and worked with technology for most of my life.
>>
>> But I'll indulge in further discussion.
>>
> I consider them all bad examples because, in terms of computing, they
> imply that a penny jar is "illegal", on the grounds that taking penny
> from it is theft, since taking it from the cash register drawer is. This
> is a complete absurdity, from the first word.
So again, how would you distinguish - technologically - between a "valid"
odd request and a malicious one?
>> Such as what, exactly? Got a better idea? Because I'm sure those who
>> work on operating systems would love to hear your wisdom on this, since
>> you clearly have superior knowledge to those who, you know, /actually/
>> work on this stuff for a living.
>>
> Ur.. I would presume "security". See, the way I see it, this measure
> they took wasn't to improve security at all, it was to damn up gaps in a
> wall, so they thieves couldn't get out, while still letting them in
> through the front gate.
That's not a specific implementation, Patrick. Try again. You want to
say that the current system sucks, fine - but propose something better.
Dont' just say "security" as if that's a magic bullet. That's not
something specific to be implemented, it's a concept. You're smarter
than that.
> Personally, with computers as they are now, I don't see a reasonable
> argument why "small" programs, of the size that you get botnets out of,
> couldn't run in a VM, by default, and have to be "allowed" into the
> wider system, if you actually need them to do something. It minimum, it
> would curtail most of the problem, since the only reason these things
> get installed in the first place is because they "install" as part of an
> non-legit process, from some fool running things they shouldn't. They
> don't generally a) do anything else, or b) do what they claim to, in
> some cases, or c) get attached to anything more complex than, say, a
> flash video. They don't general have an impact no *nix systems, due to
> the simple fact that you can't even run something like that on them,
> even if they where an executable, without knowing how to enable them to
> run in the first place.
>
> That would, imho, be a damn good start on it. MS didn't want to fix
> their core problem, so they came up with one that "broke" existing
> functionality, probably even for more than just that class of
> applications, then, 10+ years later they "finally" fixed some of the
> actual security.
Technological implementation details, Patrick. Those are important. Not
general "just do it" type BS language. How do you tell if a "small"
program is a botnet or just a simple CLI utility (as is typical in the
*nix world) that does a specific task?
What is the specific threshold for a "small" program? Again, you're not
talking in specific technological steps that can be implemented, you're
talking in broad generalities, which are actually not implementation
plans or things that can be coded.
Show me the language that lets you code up:
if (program is not valid)
reject program's request to open a port (or whatever)
else
let program run without a problem
> So, I would say another good argument might be, "Why the F do I care if
> someone 'might' install a botnet on the machine, due to the vast lack of
> security to stop someone accidentally doing so, if all someone that
> wants to frack me over has to do is figure out what the magic numbers
> are, which the NSA keeps hidden? Sigh...
You might not care, but I can tell you that people who run a 'net
connection that has a monthly usage cap would certainly give a damn if
their computer started chatting with a bot network without their
knowledge. People understand when they have to pay penalties because
their ISP has decided they're only allowed, say, 300 MB per month on
their plan (I know someone in Spain with that limitation).
You're not making any practical suggestions at all, which just suggests
to me that you don't understand what you're talking about when it comes
to technology.
Because yeah, "security" - that's the specific and detailed answer you've
provided. Except it's not specific, and it certainly isn't detailed.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 06 Sep 2013 17:01:44 -0400, Francois Labreque wrote:
> Why would they need fewer people to support FAT32 by arbitrarily
> limiting the size of the drives you can use it on to 1/1000th of its
> full potential?
Because when the code was written, it was written. To extend the
limitation requires more code be written. To support that extra space in
other applications requires testing and QA.
Have you worked in a software company? Do you know how software
development and QA is done?
Even a /minor/ change to the code (say to make disk space reports not
turn up negative numbers) requires regression testing to make sure it
doesn't break anything else. *Trivial* stuff being fixed, done by large
software companies, certainly, is not actually a trivial thing.
>>> As for this particular instance, it's no longer an issue. My employer
>>> has forced all of us off Windows and onto OSX or Linux, for security
>>> reasons, and I have no problem formatting disks there.
>>
>> See? Problem solved. :)
>>
>>
> Probably not in the way MS expected, though.
Well, MS doesn't always get to win. In the end, in spite of the
limitations and problems (and I'm speaking as a user of Linux on the
desktop since the late 90's), Microsoft ain't going anywhere, and people
are going to just continue to use it, warts and all.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sat, 07 Sep 2013 03:32:11 -0400, Warp wrote:
> Francois Labreque <fla### [at] videotron ca> wrote:
>> >> Where are they saving money? The code to fdisk a drive with FAT32
>> >> is still there in the code. In fact, they had to write even more
>> >> code to check the size of the disk before deciding if they would
>> >> make FAT32 one of the available formats.
>> >
>> > I would guess that they need fewer staff to support fat32, fewer
>> > developers to maintain it, fewer testers to test it, etc. It all
>> > adds up.
>> >
>> >
>> Why would they need fewer people to support FAT32 by arbitrarily
>> limiting the size of the drives you can use it on to 1/1000th of its
>> full potential?
>
> Is there a reason why someone would want to use FAT32 instead of eg.
> NTFS?
>
> FAT32 is significantly slower than NTFS with some operations. (For
> example,
> defragmenting a large FAT32 partition can take over 24 hours, while the
> exact same partition with the exact same data as NTFS takes something
> like 15 minutes to defragment.)
Arguably, NTFS is a journaled filesystem, and journaled filesystems on
flash media generally burn them out faster. Wear leveling helps with it,
but the journal really isn't desirable on that type of media because it
shortens the media's life.
FAT32 (or vfat) is also desirable for lots of mobile devices (for that
very reason) and for portability between different operating systems.
While NTFS-3G provides pretty decent NTFS support in Linux, it's still
not as mature as the vfat/fat32 support in the kernel (of course, it
never really will be).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
>
> Is there a reason why someone would want to use FAT32 instead of eg. NTFS?
>
Yes, there is - it's pretty universally supported.
For example my camera doesn't support NTFS on the memory cards. It does
support FAT32, though. And with FAT32 the memory card is fully usable on
my work machines (WinXP, Win2003 and Win7) and my own machine (usually
Linux) without any hassling or problems.
-Aero
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/7/2013 1:46 PM, Jim Henderson wrote:
>> Ur.. I would presume "security". See, the way I see it, this measure
>> they took wasn't to improve security at all, it was to damn up gaps in a
>> wall, so they thieves couldn't get out, while still letting them in
>> through the front gate.
>
> That's not a specific implementation, Patrick. Try again. You want to
> say that the current system sucks, fine - but propose something better.
> Dont' just say "security" as if that's a magic bullet. That's not
> something specific to be implemented, it's a concept. You're smarter
> than that.
>
Sigh.. You do realize that when they came up with this absurd solution
it was back with like 98/XP, where half the security they added since
didn't exist at all? So, sorry, but its not nonsensical to suggest
adding things that don't bloody exist *at all* in the OS in the first
place. As I pointed out, a big solution would be, "don't let people run
things without explicitly saying its OK to do so." We can argue whether
the current MS method of just asking, or the *nix version of having to
know what the F you are doing, in order to explicitly set run
permissions is better, and for whom, but the problem, for years, with
windows, and still is, in some cases, that things can either install
without asking, or circumvent safeguards, or, and this is the stupidest
one - nearly every installer under windows triggers the, "Are you sure
you want this thing to alter your machine?", question, which means
people will ignore the safeguard anyway. At best.. some of them might
question why a flash animation needs to, "change you machine
configuration", but seriously...
>> That would, imho, be a damn good start on it. MS didn't want to fix
>> their core problem, so they came up with one that "broke" existing
>> functionality, probably even for more than just that class of
>> applications, then, 10+ years later they "finally" fixed some of the
>> actual security.
>
> Technological implementation details, Patrick. Those are important. Not
> general "just do it" type BS language. How do you tell if a "small"
> program is a botnet or just a simple CLI utility (as is typical in the
> *nix world) that does a specific task?
>
I would say, not even a CLI, if it doesn't come with the OS, should be
allowed to do anything, unless you damn well know what it does, and
explicitly allow it. Or, more to the point, **especially** if its
something that small. But, heh, what the F do I know... And, its always
better to make everything "convenient", than make it safe, unless you
plan to make it a) convenient enough, and b) safe to the point where
doing what you want with it will brick the machine - i.e., most Apple
products.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sun, 08 Sep 2013 10:24:20 -0700, Patrick Elliott wrote:
> On 9/7/2013 1:46 PM, Jim Henderson wrote:
>
>>> Ur.. I would presume "security". See, the way I see it, this measure
>>> they took wasn't to improve security at all, it was to damn up gaps in
>>> a wall, so they thieves couldn't get out, while still letting them in
>>> through the front gate.
>>
>> That's not a specific implementation, Patrick. Try again. You want to
>> say that the current system sucks, fine - but propose something better.
>> Dont' just say "security" as if that's a magic bullet. That's not
>> something specific to be implemented, it's a concept. You're smarter
>> than that.
>>
> Sigh.. You do realize that when they came up with this absurd solution
> it was back with like 98/XP, where half the security they added since
> didn't exist at all? So, sorry, but its not nonsensical to suggest
> adding things that don't bloody exist *at all* in the OS in the first
> place.
Explain how saying "security" is a *specific* solution, Patrick. Provide
some details as to what you mean - what would you /specifically/ add to
provide "security"?
> As I pointed out, a big solution would be, "don't let people run
> things without explicitly saying its OK to do so."
UAC. Already implemented. Or do you mean every time you launch an
application, you want something to pop-up to say (clippy-style, perhaps)
"I notice that you want to start Microsoft Word. Are you sure?"
> We can argue whether
> the current MS method of just asking, or the *nix version of having to
> know what the F you are doing, in order to explicitly set run
> permissions is better, and for whom, but the problem, for years, with
> windows, and still is, in some cases, that things can either install
> without asking, or circumvent safeguards, or, and this is the stupidest
> one - nearly every installer under windows triggers the, "Are you sure
> you want this thing to alter your machine?", question, which means
> people will ignore the safeguard anyway. At best.. some of them might
> question why a flash animation needs to, "change you machine
> configuration", but seriously...
Oh, you want users to actually be required to understand computers before
they use them?
Good luck with that.
>>> That would, imho, be a damn good start on it. MS didn't want to fix
>>> their core problem, so they came up with one that "broke" existing
>>> functionality, probably even for more than just that class of
>>> applications, then, 10+ years later they "finally" fixed some of the
>>> actual security.
>>
>> Technological implementation details, Patrick. Those are important.
>> Not general "just do it" type BS language. How do you tell if a
>> "small" program is a botnet or just a simple CLI utility (as is typical
>> in the *nix world) that does a specific task?
>>
> I would say, not even a CLI, if it doesn't come with the OS, should be
> allowed to do anything, unless you damn well know what it does, and
> explicitly allow it. Or, more to the point, **especially** if its
> something that small. But, heh, what the F do I know... And, its always
> better to make everything "convenient", than make it safe, unless you
> plan to make it a) convenient enough, and b) safe to the point where
> doing what you want with it will brick the machine - i.e., most Apple
> products.
Oh, so you want a completely locked down system that can only do things
that the OS vendor allows. Again, no specifics, and in that particular
case, the "abnormal" things you'd want to do would be explicitly
prohibited because they're not allowed.
You're nto making any sense here at all.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson <nos### [at] nospamcom> wrote:
> UAC. Already implemented. Or do you mean every time you launch an
> application, you want something to pop-up to say (clippy-style, perhaps)
> "I notice that you want to start Microsoft Word. Are you sure?"
Like this? http://en.wikipedia.org/wiki/Microsoft_Security_Essentials
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Sun, 08 Sep 2013 15:36:28 -0400, Warp wrote:
> Jim Henderson <nos### [at] nospamcom> wrote:
>> UAC. Already implemented. Or do you mean every time you launch an
>> application, you want something to pop-up to say (clippy-style,
>> perhaps)
>> "I notice that you want to start Microsoft Word. Are you sure?"
>
> Like this? http://en.wikipedia.org/wiki/Microsoft_Security_Essentials
Basically reactive virus scanning. Nothing really new there.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/8/2013 11:47 AM, Jim Henderson wrote:
>> Sigh.. You do realize that when they came up with this absurd solution
>> it was back with like 98/XP, where half the security they added since
>> didn't exist at all? So, sorry, but its not nonsensical to suggest
>> adding things that don't bloody exist *at all* in the OS in the first
>> place.
>
> Explain how saying "security" is a *specific* solution, Patrick. Provide
> some details as to what you mean - what would you /specifically/ add to
> provide "security"?
>
Explain how "add a lock" to a door that doesn't have one is a "specific
solution". I mean, your not specifying what sort of lock, right? Sigh...
Enough.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Oh, and.. more to the point, now that they have something semi-decent,
they still block networking tools why? Its not like the botnet code is
going to, unless there is something fatally wrong with their "solution",
install itself any more, if the OS warns you now, when an application
tries to make the changes need for it to work, right? So, they are still
blocking the road why?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
