On Thu, Oct 08, 2015 at 07:53:02PM -0700, coderman wrote: > "security vs. usability", as ever...
Thats not what the discussion is about any longer, the discussion is about security and convenience. Thats what you fail to grasp, imho. > consider the Tor Browser PDF exploit that accessed $HOME for keys and other. > if Tor Browser (and Pidgin) are isolated from each other, this $HOME > type attack of reduced risk. > one example We both digress, OP asked about Pidgin being secure, which my answer was, it depends. Your answer could be understood as, it is more secure with an vm, that is were we disagree. > do you not see the benefit in isolating applications at risk of rogue > remote execution? I am not sure, what "rogue remote execution" is, please elaborate. Sounds like an assassin sniper to me. ;) > i agree it is not the only security measure, nor the most important. > but it is useful, and that is why i mention it. more useful would be > using a secure client, but, again, usability. Again, you write "usability" you fail at understanding, that OP is looking for a convenient and secure solution (he asked about Pidgin being secure). > > (educate OP) > i disagree with this approach. make the secure usable. don't force > users to adapt to "secure". Sorry, but your vm-fanboyism isn't helpful at all. > > Using Tor with Pidgin, we are at a disadvantage... > > If security is a result of good design, good design is when there > > is nothing left to remove and the design is still secure. > so, you're going to design and implement a usable, secure chat and presence? > :) Again, you tend to overengineer. And if OP is helped by understanding that he relies on very much infrastructure to transport a message from Alice to Bob and understands he *can* achieve "more secure" by either switching implementation or protocol. I consider this information more helpful than yours, which is basically "let us put it an vm", which doesn't cover any problems on the transport layer, it addresses only local problems, that can be dealt without a VM properly. > > Contrary to the popular misconception, that security is some kind of > > fairydust, product or duct-tape that we can apply to protocols or software > > afterwarts. > actually, i saw this Kickstarter the other day... ;P What would the engineer say, after you had explained your problem, and enumerated all of the dissatisfactions in your life? He would probably tell you that life is a very hard and complicated thing; that no interface can change that; that anyone who believes otherwise is a sucker; and that if you don't like having choices made for you, you should start making your own. See http://www.cryptonomicon.com/beginning.html Sorry for the delay, and not adressing all your VM-fanboyisms, your approach makes it (for OP) more and more complex to run Pidgin, while you achieve maybe a little more local isolation. What I tried, is to take all the complexity and reduce it, OP can make a informed decision, based on such information. Given that, OP doesn't need a brand new OS, he may be better off using a better implemenation (maybe profanity) or better protocol, maybe silc or both like with tox. Sorry, I mean no offense, but with diversion and constructed examples that are offtopic, you are a danger to others, yourself or your environment. Given the example with PDF (don't use it, there are better formats available since ages), all your VMs would be circumvented by OP, as he would import the malicous binary into one of his other VMs and compromise either his anonymity, or his complete installation himself. How do you address that problem? I encounter some of these on a monthly basis, were overreliance on a VM lead to local priviledge escalation which resulted in VM-escape or leakage of confidential information. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
