Linux hits the world (cont #2)


ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1408406 - Posted: 27 Aug 2013, 18:33:34 UTC

The last thread ran a spectacular course, as has Linux itself.

What better way to start a new thread than with the news:


Linux 3.11-rc7 Celebrates 22 Years Of Linux

It was on this day twenty-two years ago that Linus Torvalds made the first public release of his Linux operating system. In celebrating the 22nd birthday...

... Hello everybody out there using Linux -

I'm doing a (free) operating system (just a hobby, even if it's big and professional) for 486+ AT clones and just about anything else out there under the sun. This has been brewing since april 1991, and is still not ready. I'd like any feedback on things people like/dislike in Linux 3.11-rc7...



IT is very much what we all make it...
Martin

____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Chris S (Project donor)
Volunteer tester
Joined: 19 Nov 00
Posts: 32648
Credit: 14,547,122
RAC: 14,732
United Kingdom
Message 1408457 - Posted: 27 Aug 2013, 20:13:17 UTC

Keep banging your drum Martin, but I have to say that the only person hearing it is you.

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1408470 - Posted: 27 Aug 2013, 20:34:59 UTC - in response to Message 1408457.
Last modified: 27 Aug 2013, 20:35:57 UTC

Keep banging your drum Martin...

If you have forever sold your soul to Ballmer... Have you not heard that he is on his way out with a godly chunk of your money?...

Meanwhile, Linus remains as relaxed and as quixotic as ever and Linux works very well for myself and many others. Certainly allows more freedom than other systems...


IT is still what we make it, all the more so in recent times...

Do you know where your bits go?...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Sirius B
Volunteer tester
Joined: 26 Dec 00
Posts: 11977
Credit: 1,797,081
RAC: 593
Bermuda
Message 1408488 - Posted: 27 Aug 2013, 21:03:41 UTC - in response to Message 1408457.

For one who's professed to have run a network of 1000 or more, that was uncalled for. Maybe you ought to give Linux a try as just like Windoze it has its +'s & -'s.
____________

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1408490 - Posted: 27 Aug 2013, 21:08:22 UTC
Last modified: 27 Aug 2013, 21:20:31 UTC

http://arstechnica.com/security/2013/08/ios-and-android-weaknesses-allow-stealthy-pilfering-of-website-credentials/

"Dan Goodin @ ArsTechnica.com" wrote:
Computer scientists have uncovered architectural weaknesses in both the iOS and Android mobile operating systems that make it possible for hackers to steal sensitive user data and login credentials for popular e-mail and storage services.

Both OSes fail to ensure that browser cookies, document files, and other sensitive content from one Internet domain are off-limits to scripts controlled by a second address without explicit permission, according to a just-published academic paper from scientists at Microsoft Research and Indiana University. The so-called same-origin policy is a fundamental security mechanism enforced by desktop browsers, but the protection is woefully missing from many iOS and Android apps. To demonstrate the threat, the researchers devised several hacks that carry out so-called cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks to surreptitiously download user data from handsets.

The most serious of the attacks worked on both iOS and Android devices and required only that an end-user click on a booby-trapped link in the official Google Plus app. Behind the scenes, a script sent instructions that caused a text-editing app known as PlainText to send documents and text input to a Dropbox account controlled by the researchers. The attack worked against other apps, including TopNotes and Nocs.

"The problem here is that iOS and Android do not have this origin-based protection to regulate the interactions between those apps and between an app and another app's Web content," XiaoFeng Wang, a professor in Indiana University's School of Informatics and Computing, told Ars. "As a result, we show that origins can be crossed and the same XSS and CSRF can happen." The paper, titled Unauthorized Origin Crossing on Mobile Platforms: Threats and Mitigation, was recently accepted by the 20th ACM Conference on Computer and Communications Security.


[Edited to add] Oh, and before Martin has a chance to use this to dismiss the very important finding; yes, at least one of the researchers on the project works for Microsoft as the article mentions near the end. Though if he's like most professionals, he won't allow his employer's views to get in the way of finding data to support any assertion made.

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1408491 - Posted: 27 Aug 2013, 21:11:27 UTC - in response to Message 1408488.

just like Windoze it has its +'s & -'s.


Fully agreed, but it does get rather tiresome to constantly see Martin bash Windows at every turn and praise Linux at every chance. A little bit of balance would be nice.

As I've said before, I have my own laundry list of complaints about Windows, but I find it preferable to use for a variety of reasons. I was, however, so pissed off about the closure of Technet that I immediately looked into replacing my desktop OS with Mint - and was blocked by being unable to simply make some Windows apps work through Wine and not having the time or motivation to look for alternatives (if any exist). So much for "it just simply works, reliably."

Gary Charpentier (Project donor)
Volunteer tester
Joined: 25 Dec 00
Posts: 13200
Credit: 7,970,327
RAC: 15,810
United States
Message 1408494 - Posted: 27 Aug 2013, 21:15:12 UTC - in response to Message 1408491.

Fully agreed, but it does get rather tiresome to constantly see Martin bash Windows at every turn and praise Linux at every chance. A little bit of balance would be nice.

Balance or Reality?

+1

____________

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1408498 - Posted: 27 Aug 2013, 21:17:53 UTC - in response to Message 1408494.

Fully agreed, but it does get rather tiresome to constantly see Martin bash Windows at every turn and praise Linux at every chance. A little bit of balance would be nice.

Balance or Reality?

+1


Wouldn't balance bring him back down to reality? ;-P

Gary Charpentier (Project donor)
Volunteer tester
Joined: 25 Dec 00
Posts: 13200
Credit: 7,970,327
RAC: 15,810
United States
Message 1408917 - Posted: 28 Aug 2013, 17:57:07 UTC

More of that perfect Linux security ...
http://www.businessweek.com/articles/2013-08-28/how-syrian-hackers-found-the-new-york-times-australian-weak-spot

____________

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1408927 - Posted: 28 Aug 2013, 18:21:37 UTC - in response to Message 1408917.

More of that perfect Linux security ...
http://www.businessweek.com/articles/2013-08-28/how-syrian-hackers-found-the-new-york-times-australian-weak-spot

So please explain your derogatory connection with what you are calling Linux for that one please?...

Or are you just desperate for anything you see as 'dirt' to drag the rest of the world down to what you consider to be 'perfect'? Or just trolling as usual?


Please explain the failing/exploit for your example...

IT is very much what we make it...
Martin

____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1408929 - Posted: 28 Aug 2013, 18:22:48 UTC - in response to Message 1408498.

... balance ...

And the balance swings which way?


IT is what we make it...
Martin

____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1408977 - Posted: 28 Aug 2013, 20:08:40 UTC - in response to Message 1408929.

... balance ...

And the balance swings which way?


I'll tell you what; you start listing honest issues and criticisms with Linux and I'll start venting my frustrations with Microsoft products.

I'm not the one that creates threads to glorify Microsoft, and I certainly don't push or insist people on using MS products. I give my honest opinion when someone asks for opinions, and I try to offer help whenever I see that I can help someone, but I don't go out of my way to "convert" people - such as what I've frequently seen you do in various threads with Windows or virus issues.

The first step to having Linux dominate is to admit to its flaws and work to fix them. No hand-waving; no dismissing; no "you're holding it wrong". Even Bill Gates turned a critical eye on the Microsoft environment. There's nothing wrong with admitting the problems. You don't have to compete on a "perception of perfection". Just admit the shortcomings and work toward resolving them.

After all, IT is what we make it, right?

Gary Charpentier (Project donor)
Volunteer tester
Joined: 25 Dec 00
Posts: 13200
Credit: 7,970,327
RAC: 15,810
United States
Message 1409014 - Posted: 28 Aug 2013, 21:14:27 UTC - in response to Message 1408927.

More of that perfect Linux security ...
http://www.businessweek.com/articles/2013-08-28/how-syrian-hackers-found-the-new-york-times-australian-weak-spot

So please explain your derogatory connection with what you are calling Linux for that one please?...

Tell me, do you think any M$ product is up to running a Domain Name Registrar? If so please list the product(s). What is left is Linux. Obviously hacked, again!

____________

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1409038 - Posted: 28 Aug 2013, 22:35:34 UTC - in response to Message 1409014.

Tell me, do you think any M$ product is up to running a Domain Name Registrar? If so please list the product(s). What is left is Linux. Obviously hacked, again!

You are just fluffing.

The particular Registrar wasn't "hacked". The perpetrators guessed or were given the login details for the particular user. Hence why only the one particular DNS address for the one website was affected...

Now... I'm the first to admit that our decades old system of usernames and passwords is fundamentally bad for human users and insecure for that. However, that has pretty much nothing to do with Linux. Indeed, some FLOSS projects are pioneering better alternatives. (If only we could get Banking to be a lot more sensible and security conscious!)


Next for your irrational attacks?

IT is what we make it,
Martin

____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Gary Charpentier (Project donor)
Volunteer tester
Joined: 25 Dec 00
Posts: 13200
Credit: 7,970,327
RAC: 15,810
United States
Message 1409041 - Posted: 28 Aug 2013, 22:43:47 UTC - in response to Message 1409038.

The particular Registrar wasn't "hacked". The perpetrators guessed or were given the login details for the particular user. Hence why only the one particular DNS address for the one website was affected...

Didn't read the article did you ... par for the course, can't allow facts to burst your bubble.

____________

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1409262 - Posted: 29 Aug 2013, 10:03:09 UTC - in response to Message 1409041.
Last modified: 29 Aug 2013, 10:05:21 UTC

The particular Registrar wasn't "hacked". The perpetrators guessed or were given the login details for the particular user. Hence why only the one particular DNS address for the one website was affected...

Didn't read the article did you ... par for the course, can't allow facts to burst your bubble.

You continue to fluff. Note your complete lack of facts and vague finger pointing. Spit it out clearly and directly please, or you are welcome to be labelled as a FUD-mongerer.


So again, directly, your point is what? And with what detail/links?

And for your balance, how does that compare to other operating systems?


Your continued vague trolling and mud-slinging is noted. Please start your own XYZ-is-great thread if you wish to show the world what is really good.

IT is what we all make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1409298 - Posted: 29 Aug 2013, 12:24:25 UTC

For a little of the requested 'balance' recently, here's a little giggle to counter-balance the balance on Message 1409297:


(Those of a sensitive disposition, please do not click!)

YouTube: Hitler and Open Source



IT is very much what we make it...
Martin

____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1409313 - Posted: 29 Aug 2013, 13:23:43 UTC

http://arstechnica.com/security/2013/08/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time/

"Dan Goodin @ ArsTechnica.com" wrote:
Researchers have made it easier to exploit a five-month-old security flaw that allows penetration testers and less-ethical hackers to gain nearly unfettered "root" access to Macs over which they already have limited control.

The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. While the program is designed to require a password before granting "super user" privileges such as access to other users' files, the bug makes it possible to obtain that sensitive access by resetting the computer clock to January 1, 1970. That date is known in computing circles as the Unix epoch, and it represents the beginning of time as measured by the operating system and most of the applications that run on it. By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password.

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8601
Credit: 4,261,946
RAC: 1,409
United Kingdom
Message 1409326 - Posted: 29 Aug 2013, 13:51:51 UTC - in response to Message 1409313.
Last modified: 29 Aug 2013, 13:56:47 UTC

http://arstechnica.com/security/2013/08/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time/

"Dan Goodin @ ArsTechnica.com" wrote:
Researchers have made it easier to exploit a five-month-old security flaw that allows penetration testers and less-ethical hackers to gain nearly unfettered "root" access to Macs over which they already have limited control.

The authentication bypass vulnerability was reported in March and resides in a Unix component known as sudo. ... By invoking the sudo command and then resetting the date, computers can be tricked into turning over root privileges without a password.

Thanks for that, that's quite a good one.

As always, you've missed off a few bits:

... While the bug also affected many Linux distributions, most of those require a root password to change the computer clock. Macs impose no such restrictions on clock changes...

Mac users should realize that an attacker must satisfy a variety of conditions before being able to exploit this vulnerability. For one, the end-user who is logged in must already have administrator privileges. And for another, the user must have successfully run sudo at least once in the past. And of course, the attacker must already have either physical or remote shell access to the target machine. In other words: this exploit can't be used in the kind of drive-by webpage attacks...


Also note:

... edit the sudo config, and adding the line

Defaults timestamp_timeout=0

You'll then be asked for a password at each sudo call, no matter how close to the previous successful call.



Regardless, that is rather interesting for how it all happened:

Anatomy of a bug - the five minute insecurity window in the sudo command

Note also that the bug was very quickly fixed once found:

sudo: Authentication bypass when clock is reset


So? The message is?

As always, updates are needed and no one is perfect, hence updates are needed. The problem as always is to ensure safe updating.

So far, FLOSS and the open source community appear to get this far more right than the secretive proprietary world. "By design" also helps.


(Note, there is no need to bother posting all and every minor problem with such as Windows on the Win8 thread, just the major problems list is long enough! There's so very overwhelming many that would guarantee no one would read it! Oh, I see... That is the game is it?)


IT is very much what we make it,
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)
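
The `timestamp_timeout=0` mitigation quoted in the post above, as an added example that is not part of the original thread: a POSIX shell check that reads sudoers text and reports whether the global setting makes sudo prompt on every call. The function names and both sample files are constructed for illustration; the check audits only the global `Defaults` scope and does not follow include directives.

```shell
#!/bin/sh
# Added example (not from the thread). Reads sudoers text on stdin and
# prints the global timestamp_timeout value, or "unset" if none is given.
# Assumption: scoped entries ("Defaults:alice ...") and #include files
# are out of scope for this check.
effective_timestamp_timeout() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "Defaults" {                       # global scope only
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    sub(/[ \t]+$/, "", v)
                    val = v                      # a later entry overrides
                }
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# Succeeds only when sudo would ask for a password on every call.
sudoers_prompts_every_time() {
    v=$(effective_timestamp_timeout)
    case "$v" in
        0|0.0) return 0 ;;
        *) echo "timestamp_timeout is $v: credentials are cached" >&2
           return 1 ;;
    esac
}

# Constructed sample: the setting appears only in a per-user scope, so the
# global value is still whatever sudo was built with.
SAMPLE_WEAK='# constructed sample sudoers
Defaults env_reset
Defaults:alice timestamp_timeout=0
root ALL=(ALL) ALL'

# Constructed sample: an earlier 15-minute value is overridden by the
# line from the post.
SAMPLE_HARDENED='# constructed sample sudoers
Defaults env_reset, timestamp_timeout=15
Defaults timestamp_timeout=0   # ask every time
root ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_HARDENED" | sudoers_prompts_every_time \
    && echo "hardened sample: password required on every sudo call"
printf '%s\n' "$SAMPLE_WEAK" | sudoers_prompts_every_time \
    || echo "weak sample: cached-credential window still open"
```

On a real system the authoritative answer comes from sudo itself, since included files and scoped entries also apply; this check is only a quick read of one file's text.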

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13706
Credit: 31,748,612
RAC: 13,417
United States
Message 1409334 - Posted: 29 Aug 2013, 14:28:13 UTC - in response to Message 1409326.

As always, you've missed off a few bits


I didn't miss anything. I purposely leave parts off to see who reads the articles. I'm glad to see you follow through.


Copyright © 2014 University of California