Posts by Roo

Folks you really shouldn't be downvoting facts you disagree with. Vogon made a fair point, albeit completely tangential to the fact that closed source gets in the way of identifying & mitigating vulnerabilities. :)

"Open SSL remote get root exploits used by Slapper"

Apparently that requires OpenSSL process to be running as root - which is possible, but SOP is to run web servers and other network services as anything-but-root to mitigate the risk of a remote attacker being able to root the box ;)... In the case of services like OpenSSH that *really* need root, privilege separation can be used to mitigate the risk of remote root exploits.

"It's a shame Linux doesn't have sensible and modular architecture that can control authentication centrally"

Why doesn't PAM (http://www.linux-pam.org/whatispam.html) qualify in your estimation ?

Re: My Question

"Which part of the Windows kernel is its trusted computing base? That is, which part is responsible for guaranteeing the invariant of the operating system?"

The following paragraph from the article linked by Dan 55 may answer your question:

"Finally, it's important to understand that this design is not fundamentally "risky." It is identical to the ones used by existing I/O Manager drivers (for example, network card drivers and hard disk drivers). All of these drivers have been operating within the Windows NT Executive since the inception of Windows NT with a high degree of reliability."

NT had no trusted computing base to start with, and MS were quite happy with that...

Here's the 'Security' section of that article, quoted verbatim (it is one of the shortest sections):

"Due to the modular design of Windows NT moving Window Manager and GDI to kernel mode will make no difference to the security subsystem or to the overall security of the operating system this will also have no effect on the C2 or E3 security certification evaluation, other than making it easier to document the internal architecture of Windows NT."

I really cant decide if that paragraph is a result of ignorance or corporate fecklessness.

Re: Kernel mode fonts

"But please, do continue with your rant, O Great Sage! I'm sure no other OS has ever included code designed in an era when dial-up Internet access from home was still a novelty even for most IT experts."

In the PC space, agreed. However NT was actively marketed as a replacement/alternative to UNIXen at the time of 3.51 & 4.0, and it shipped with TCP/IP & IPX support out of the box, so lack of knowledge about networking would be a very weak excuse IMO.

The best excuse I can come up with for MS's naivete is their products mostly ran on single-user boxes. By contrast the multi-user OSes of the time had been secured against hundreds of users trying to steal resources and play pranks on each other for a couple of decades.

That is an excuse though, it's not a good reason. :)

Firstly, thanks for making the effort to engage Vogon. :)

"Thanks to Open SSL etc, we know that the quality of Open Source code is often awful with zero proper security reviews in 18+ years..."

OpenSSL is one project out of many, just as MS is one vendor out of many. Just because MS decided to throw third party code into ring 0, I don't assume that IBM pulled the same stunt with z/OS.

"so being in public view doesn't mean anything is secure."

Quite correct, I am in violent agreement with you on that score.

Bad code can happen anywhere, the trick is to identify it & mitigate it before it burns you. In the case of OpenSSL quite a few outfits forked it because they couldn't get their patches accepted or vuln reports accepted (and this was a common complaint levelled against OpenSSL for a very long time). In the case of Windows we've known about the risks of running third party code at ring 0 for decades, and MS just hasn't listened or decided it's enough of a problem until there are heavily publicised attacks out in the wild. From the point of view of the end user the material difference is that an MS font rendering vuln gives root to the attacker whereas vulns such as Heartbleed compromise user processes.

At the end of the day it's your choice to make excuses for vendors with massive margins, personally I would like them to actually fix the defects in the products that folks buy from them. Hell, even if I didn't pay MS anything I'd want their stuff fixed because those flaws cost productivity and that impacts my spending power.

Re: Kernel mode fonts

"Thing is, your screen will get rendered kernel-side here, too--either by the source or by your machine."

This is really basic stuff, you should do some reading about it instead of trying to guess what happens. Here's a clue for you: You can map a framebuffer into userspace. Windows could do that too.

"Windows might have it's holes, but it has fewer than most of the competition."

The problem with that statement is you are comparing apples to oranges. Closed source development hides faults so that the customers don't get scared off. Barely a month goes by without a vendor silencing a security researcher, that should tell you all you need to know about the accuracy of vulnerability counts for closed source.

Re: Adobe crapware again?

"Well, consider that font handling is a basic OS function (meaning it gets used all the time) AND that graphics drivers are in kernel space for performance reasons,"

I suspect that convenience and slinging the software out of the door as fast as possible also played a part.

"how else are you going to get smooth and speedy font rendering without tons of time-wasting context switching?"

There are a number of techniques you can use to reduce context switching without running complex application code in the kernel. Two of the simple and obvious ones are:

1) Build up a display list (usually made up of primitives) then render list all in one go.

2) For fonts and other oft-replicated items you can cache the rendered glyphs so you don't need to keep re-rendering them. Some systems even cached glyphs in off-screen display memory as well.

if you want to learn more there are a lot of books & papers out there on the topic and there are millions of lines of production code you can read through (for free). In my case I used to religiously read through every copy of IEEE Computer Graphics & Applications and databook I could get my hands on. You may find hardcopies of early 90s CG&A hard to find, so might be worth a look at computer.org to see if they have digital editions of the back-issues. If you are lucky you will a corporate tech library or university that will be only too happy to have you take away all their old copies - just ask them.

Re: Adobe crapware again?

"Troll or 15-year old who has just discovered fanboism?"

Either way they appear to be too lazy and stupid to read the source code and find out how it works.

Re: Adobe crapware again?

"Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change"

Sure the library is broken, sure it might well be Adobe's shit code, but the decision to run a Font library in kernel mode was all Microsoft. This particular class of problem has been a pointed out to MS and the user community on numerous occasions - going back to at least NT 4.0.

I am hoping the fix stops running that library in kernel mode in addition to fixing the code, but the fact that MS & their fans have expended more energy on burying the bad news than fixing the problem so far doesn't give me much hope.

Re: No jail?

"I guess the CPS looked at it, and found that there wasn't enough evidence to prosecute."

It's entirely possible the CPS is actually working on it. I suspect that the CPS would prefer to recover the proceeds of the crime rather than impose a custodial sentence, and it's entirely possible that they have already started this process. The lawyers of clients have a habit of making the whole process very difficult. ;)

If it were workable fraudsters could automatically declared bankrupt and held under house arrest indefinitely until the proceeds of their crime are fully recovered. If they can't afford to run their home with no visible means of support they could be given a £15 tent, a 2nd hand knife & fork from an airline meal, and a patch of beach next to Sellafield to live on.

I reckon a bottle of Buckfast could account for those angry words, no need for "drugs". :)

Re: Sorry...

"I see no such demands in my post

Of course not."

Right, so even you know it's not true and that isn't my position.

I didn't even want to engage in a pissing contest, it's not worth it. All I was hoping for was that folks would spend 5 minutes having a look at plan B because it may work out well for them. I don't think that counts as zealotry and I don't really think it's worth having a flamewar over either because it's common sense.

"your quite frankly religious sounding zealotry"

That is your own zealotry you are hearing, because you are referring to the stuff that you made up.

"And yes, I'll hurl insults over that. I have no time for religious wankers of any description."

It is you who is behaving like a "religious wanker" (insults, misrepresentation, pretending you know what other people think, asserting you know best with zero evidence to back it up, intolerance), and as a rule dogmatic loudmouths don't tolerate competition, so that comes as no surprise.

"You aren't sounding like much fun to work with.

I'm not."

... because being around someone who misrepresents folks and then flames them on the basis of that misrepresentation isn't fun, it's just plain old bullying and bullshit.

Re: Sorry...

"I flatly refuse your demands to undertake affirmative action regarding open source and present it's relevance disproportionately to reality."

I see no such demands in my post, you are making that up - along with most of the rest of your reply.

All I am trying to say is I think your position is too absolute, too black or white. By return you have reiterated your point that you think that's the only valid approach, hurled some insults and declared anyone to differ with your opinion to be incompetent.

You aren't sounding like much fun to work with.

Re: Sorry...

"Which, quite frankly, is perfectly rational if you know anything about the technologies involved and have actually had to administer them in the field."

You are coming across all "Trevor's Way or Highway", when in actual fact the world doesn't revolve around Windows, as you well know judging by your articles at El Reg. I'm quite happy for you to state you think there are no options, but I have seen cases where there is no option but to move off Windows. I would agree that Windows & Open Source have closed the gaps a lot over the last decade - but in my view that is making them *more* interchangeable not less.

"It is absolutely a safe assumption to make that Windows --> Windows will be easier than Windows --> Linux with a one month timeframe remaining on the clock, because the number of instances where Windows --> Linux is easier than Windows --> Windows is irrelevantly small to start with."

We can argue about the scale of the last category 'til the cows come home, but the point is that category does exist (albeit most of the low hanging fruit has long since gone), which is why I said it's a mistake to *assume*. There are quite a few businesses out there that couldn't exist without taking the Open Source route.

It's not an Windows or Linux equation, Open Source has grown more through opening up new markets than cannibalizing Windows market share - obvious examples being bits of iOS & Android.

"If you can't accept that simple fact then you don't belong in IT."

I am sure that I don't "belong" in the form of "IT" that you are espousing at the minute, and I am quite happy not to "belong" to it.

"You should be out founding religions."

Nah, I'll leave that to Steve Ballmer, he's done a far better job than I ever could, and I could never make the line "Developers! Developers! Developers!" as memorable as Steve did.

Re: Sorry...

"I agree with Trevor's comments, ie. that windows->unix migration is a major project in itself and should not be confused with a Windows -> Windows upgrade."

It is a mistake to *assume* that Windows->Windows upgrades are always less effort than migrating off Windows (Note: this applies to other OSes too). Have all you guys forgotten Vista already ? Besides if folks have left it this late to jump off the sinking 2K3 ship they either don't care enough, or they can't move due to something missing/changed the later cuts of Windows.

Trevor does briefly mention a more sensible nuanced approach where the low-hanging fruit is moved away from 2K3. I wish he made more of that instead of dedicating yet more column inches to banging the "You must upgrade Windows or be Doomed Drum".

Re: Taxi Licenses

"In my city taxi licenses are expensive and limited in total number granted.

If I were a taxi driver I'd probably be upset with Uber and the governing body."

I get that, however they really should be venting their spleen at the authorities with the aim of working out to a more equitable solution for everyone involved.

Re: Goodness.

"If Windows 10 gets anything near this positive a review on this site next month - bias or not I'll show my arse in ASDA."

I will award an upvote if you do indeed show your arse in ASDA. Has to be in front of the frozen veg section, and there must be pictures or it didn't happen.

Re: Actually, this is pretty sensible

"What's so crazy about taking the good parts of the "cloud", namely virtualization and flexible provisioning, but not handing your data over to a disinterested third party?"

The problem is there is no such thing as a "disinterested" third party when it comes to buying a platform (or anything else), the third party will want to take as much money off you as possible while spending as little as possible to deliver the product. For that reason it would be very naive to assume that their motives and goals are compatible with your own.

You only have to look at the continual battle to get vendors to fix product defects to see how that works in practice.

Re: Sounds like a bigoted, stereotyping git to me

"I'm not sure how it works in England, but most highly-compensated bank employees here in the US are drawn from the Ivy League old-money crowd"

I think it's fair to say that the something similar applies here in the UK too, although I suspect very few of the "old-money" crowd would do something as boring as working for a bank, the "new-money" folks seem to be well represented though.

Re: Doesn't this fit nicely

Indeed.

The down voters won't present a rational counter-argument because they don't have one.