Re: Untrusted software and security click-through warnings

2007-10-02 Thread João Pinto 
I taught we were talking about users which are expected to understand what
is a software repository or what is a software install package, the security
improvement would be for those users, to make sure they would understand the
risks of using such resources.
In my opinion for users which do have the trivial understanding of software
installation on the system, the only safe approach is to not grant them
admin privileges at all.

I guess the goal is not to discourage users from downloading software of the
Web in general, the goal is to drive the users to install software from
trusted sources. Both repositories and web sites can be trusted or untrusted
sources.

The option of providing an installer dialog to present the users to the
basic rules of security when dealing with system software installation was
oriented for those which (I hope) are the minority of users which still do
not understand the risks of installing software from random sources,
probably it is not a feature that would make a difference for most users.

The major source of spyware/virus/trojans has been:
  1 - exploits which allow the unattended installation of software
  2 - fake software, or companion software

Case 1 can only be addressed by providing security fixes in time in case
such exploits are discovered
Case 2 can only be addressed by educating people on how to use the internet
on a safely manner, again, typing random commands from an untrusted web site
is a major security risk for any OS, and it is a very common practice for
Linux users in particular

Best regards,

2007/10/2, Matthew Paul Thomas [EMAIL PROTECTED]:

 On Oct 2, 2007, at 11:51 AM, João Pinto wrote:
  ...
  If PPAs availability increases there will be nasty people providing
  nasty packages, if you are concerned about naive users, then my first
  suggestion is to present an initial screen during Ubuntu install with:
  If you add extra repositories or install .debs from the web, please
  make sure you are using a trusted source, otherwise you may get
  malicious software, if it is important enough, let's make it hard to
  accept, it is a simple text o read (1 line), there is no excuse for
  next - next.
  ...

 Regardless of whether you think there is any excuse for next -
 next, most people would still do it, and wouldn't read the message.

 Even if they did read the message, most wouldn't have a clue what you
 meant by repositories, .debs, or trusted source.

 And even if they did understand the message, it could be weeks, months,
 or years later that they first had the opportunity to download software
 from the Web. Quite long enough to forget that they shouldn't be doing
 it.

 If you want to discourage people from downloading software off the Web,
 an operating system installer is hardly the place to do it.

 Cheers
 --
 Matthew Paul Thomas
 http://mpt.net.nz/
 --
 Ubuntu-devel-discuss mailing list
 Ubuntu-devel-discuss@lists.ubuntu.com
 Modify settings or unsubscribe at:
 https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss





-- 
João Pinto
GetDeb Package Builder
http://www.getdeb.net
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: regular fsck runs are too disturbing - and current approach does not work very well in detecting defects!

2007-10-02 Thread Phillip Susi 
Jan Claeys wrote:
 I'm not an Ubuntu developer, but if 'badblocks' looks for hardware
 defects, it's mostly useless on most hard disks in use these days.  The
 HDD firmware does internal bad block detection  replacement (using
 spare blocks on the disk reserved for that purpose).  So if you can
 detect any bad blocks using a software check, it means that your hard
 disk is almost dead and should be replace ASAP (like, rather today than
 tomorrow).

It can only remap the block on a write, not a read, but yea, 
smartmontools is a better method to monitor for defects.


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: regular fsck runs are too disturbing - and current approach does not work very well in detecting defects!

2007-10-02 Thread Jan Claeys 
Op dinsdag 02-10-2007 om 13:56 uur [tijdzone -0400], schreef Phillip
Susi:
 Jan Claeys wrote:
  I'm not an Ubuntu developer, but if 'badblocks' looks for hardware
  defects, it's mostly useless on most hard disks in use these days.  The
  HDD firmware does internal bad block detection  replacement (using
  spare blocks on the disk reserved for that purpose).  So if you can
  detect any bad blocks using a software check, it means that your hard
  disk is almost dead and should be replace ASAP (like, rather today than
  tomorrow).
 
 It can only remap the block on a write, not a read,

Which means it might be useful as an emergency solution while you're
waiting for the new disks to arrive.

 but yea, smartmontools is a better method to monitor for defects.

Indeed, 'smartmontools' for hardware-defects, fsck for
filesystem-defects.


About doing live fsck  defrag on a rw filesystem, IIRC Windows NT has
a system API for doing e.g. atomic swap 2 sectors operations; does
'linux', or any of the filesystem drivers for it, support something like
that?


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Gutsy's HAL is broken.

2007-10-02 Thread Scott (angrykeyboarder) 
I *can't* be the only one with this problem.

https://bugs.launchpad.net/ubuntu/+source/hal/+bug/147963


-- 
Scott
http://angrykeyboarder.com
©2007 angrykeyboarder™  Elmer Fudd. All Wites Wesewved


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss