in reply to Re^6: Perl 6 Module manager
in thread Perl 6 Module manager

Your point is a good one; not everyone wants to get under the hood and mess with the guts. Just because someone doesn't want to learn what's inside, doesn't mean they're dumb, lazy, or foolish. Computers should work like TVs - turn it on, it goes, and you don't have to know a thing about what's going on inside.

The problem is that we're not really there yet. I have yet to find a computer that didn't require me to intervene in some way (I have no experience with the Mac; some claim it's worry-free). All the computers I've had required me to dig into whatever version of Windows I had, to correct dumb mistakes that Microsoft made, to change the defaults to suit my tastes, and to beef up the security. I've had to buy and learn to use anti-virus, firewall, and anti-spyware software.

Most people I know have not the slightest interest in learning about their computers. They just want it to work. Unfortunately for them, they don't "just work". All these people have had serious, sometimes catastrophic, problems that included malware, screwed-up programs, and loss of data. This happened because they weren't aware of the need for protective software, or they weren't aware of bugs in the software they were using that could cause data loss, or they had no idea they should back up their data.

I chose to install Linux on some of my computers. As I mentioned above, installing Linux was as simple (or as difficult) as installing Windows. When I turned on the computer, it did "just work", though I had plenty of things to twiddle with if I wanted to get into trouble. It's a matter of choice. The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda.

You made an interesting comment about your sister's experience: "With effort, it's perfectly possible to secure an MS system, and I have done that for her." This is important. She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems. Or at least, she'd have had to learn a bunch of stuff about security.

One final note: Ken Thompson created a truly devious hack in which the source code did not reflect what the compiler did (he compromised the compiler). So even if you *do* read every line of your source code, you might still wind up with a compromised system.

Re^8: Perl 6 Module manager
by BrowserUk (Patriarch) on Apr 24, 2006 at 07:05 UTC
    "The main difference was that when I installed Windows, I had to do it twice. I neglected to disconnect the network cable, and before I had Windows properly installed, the computer was infected with Nimda."

    Very strange. I've installed most versions of Windows at one time or another, most of them many times and on a variety of machines, but I've never had any of them initiate a connection to the network. Indeed, I don't recall ever having used a version of Windows that would allow me to connect to the internet until it (Windows itself) was fully installed, such that I could (and had to) then install/configure the software required to connect to my choice of ISP.

    It's only at that point, when installing or configuring the software for an ISP, either from CD or pre-installed by the hardware vendor, that the system becomes connectable, and therefore vulnerable.

    It's hardly the fault of the OS vendor, if the ISP/hardware vendor supplied Internet connection software doesn't pre-install appropriate safeguards to protect the machine once it is connected. It is pretty much par for the course for MS to get blamed for the inadequacies of these third parties.

    I'm not for one moment suggesting that MS do not carry a burden of responsibility. If they would set up their OEM distributions configured for maximum security--i.e. disable about half of the services that are enabled and open by default--then far fewer exposures would result. But not all exposures are as a result of MS action or inaction, and attributing them all to MS without considering the other parties involved in the distribution and configuration chain just clouds the issues.

    "You made an interesting comment about your sister's experience: ... She had you to help her out with this vital process. Without your expertise, I suspect that she might have had security problems."

    Agreed, but again I'll point the finger at the hardware vendor who tailored the OEM installation of XP that came on her machine. They completely re-configured the OS; custom backgrounds; help facilities; machine specific utilities and extensions. They added a gob-load of 3rd-party software packages; including 3 or 4 "sign-up on first use" Internet connections. She chose to use one of these when she first got the machine. Despite all the configurations they made, they failed to set the machine up with a firewall. They didn't even enable the XP built-in firewall. Inadequate as it may be, it would have been better than nothing. Who do you blame here?

    Of course, MS could have enabled the firewall from the get go, but then 2 dozen firewall vendors would be launching lawsuits against them for "bundling" software with the machine and encroaching upon their marketplace. Sound familiar?

    As I understand it, if you install Linux, you are still responsible for obtaining and installing a firewall, and will be vulnerable, until you do. I've no idea how you go about configuring Linux to connect to the internet (via dialup); whether you just type a command and enter the phone number and password; or whether you need to install some additional software first. The OS cannot come pre-configured for your ISP.

    Either way, if you take those steps and then connect without having installed/configured/enabled a firewall (IPTables?), then you would also be vulnerable. Less likely to get found and exploited by virtue of obscurity--there are fewer dirtbags out there searching for and exploiting Linux vulnerabilities; at least so far--but still vulnerable.

    And if you use (say) Firefox, then you are still responsible for keeping up to date on the fixes to its vulnerabilities. Like the 21 recently discovered. The same is true for other browsers.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.