herczegzsolt's comments

The argument is that in the case of sudo, the caller (potential attacker) controls the environment. In many cases, software or libraries are not made with a hostile environment in mind. Think of LD_PRELOAD or PATH ...

When there's a daemon running in the background, the attack surface is more commonly understood. The environment is not under attacker control.

Libraries rarely treat data from a socket as "trusted" but often blindly trust environment variables, or stdin/stdout/stderr.


That has nothing to do with setuid, and is a very different argument from an unqualified "suid feature is huge security hole."

sudo etc. already clear much of the environment. And you're going to want to keep some of it because people expect "sudo foo" to work (which you can't do without PATH).


https://lore.kernel.org/lkml/2024021314-unwelcome-shrill-690...

> Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify.


I don't get how exactly they would be wrong with that and I am not sure why saying "update from the buggier version to a less buggy version" (that is implied with an assigned CVE) is a bad thing.


> to create a rule that all (...) require unanimous consent?

What you describe is pretty much what has happened and still is happening in Hungary.

The conclusion here is that even if the majority agrees that these rules are against the spirit of the democracy, there's nothing practical to do against them. So yeah, checks and balances are important to have in practice, not just in spirit.

When you're relying on self-imposed limitations, radicals will sooner or later take over and do whatever necessary to stay in power.


I used libvips a couple of years ago from golang via cgo. It was a bit rough to get started with it, but impressive once working.

It was quick enough to convert full-page pdf documents to black and white thermal printers (with scaling, dithering, autocrop and all that) in real time during an http request. Somewhat surprisingly, we also haven't had any memory leak issues, despite simply calling it directly in long-lived server processes.

Not sure about the state of the library now - my project has been discontinued - but would definitely check out libvips again if I had a need for an image manipulation library.


The public suffix list serves the purpose to only separate (sub)domains that are reasonably expected to be controlled by different owners.

Many systems - ex: rate limits, malware domain lists - would be very easily and cheaply gamed if domain owners could "disown" subdomains at will, just with a change in DNS. There's a fairly long review process to get onto the public suffix list for exactly this reason.

There's also the historical aspect, that DNS is a much older technology than the need for the public suffix list. Mozilla at the time couldn't expect that all registries would adopt a new standard quickly or at all. Since there was a need for this information for browser security improvements, the list was born, and gradually became the de-facto standard source of such information.
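
Added example, not part of the comment above: a per-owner rate limit keyed on the registrable domain (suffix plus one label), showing why the suffix boundary has to come from a reviewed list rather than from the domain owner. The suffix set, host names, limit and the `self_declared` helper are constructed for illustration.

```python
from collections import Counter

# Constructed miniature suffix set for illustration; the real list is far larger.
SUFFIXES = frozenset({"com", "uk", "co.uk", "github.io"})

def registrable_domain(host, suffixes=SUFFIXES):
    """Return the longest matching suffix plus one label, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            # A bare suffix has no owner label in front of it.
            return ".".join(labels[i - 1:]) if i > 0 else None
    # Unlisted TLD: fall back to treating the last label as the suffix.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def allowed_count(hosts, key_fn, limit=3):
    """Count requests admitted when each key may pass at most `limit` times."""
    seen = Counter()
    admitted = 0
    for host in hosts:
        key = key_fn(host)
        if key is None:
            continue                       # refuse hosts with no owner label
        seen[key] += 1
        admitted += seen[key] <= limit
    return admitted

# Constructed traffic: one owner rotating names vs. ten separate tenants.
ROTATING = [f"s{i}.example.com" for i in range(10)]
TENANTS = [f"user{i}.github.io" for i in range(10)]

def self_declared(host):
    """Hypothetical: the owner of example.com declares itself a suffix."""
    return registrable_domain(host, SUFFIXES | {"example.com"})

if __name__ == "__main__":
    print(allowed_count(ROTATING, lambda h: h))         # per-host key
    print(allowed_count(ROTATING, registrable_domain))  # reviewed list
    print(allowed_count(ROTATING, self_declared))       # self-declared boundary
    print(allowed_count(TENANTS, registrable_domain))   # separate owners
```

With the reviewed list the rotating names share one budget, while a self-declared boundary gives every new subdomain a fresh one.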


A good 2FA setup is important for modern security.

Knowing many software developers, a surprisingly large percentage of them still think about security as an annoyance. This is especially problematic, as they tend to have a larger attack surface.

Having access to critical resources and also executing a wide range of semi-random tools and code on your machine is ... less than optimal.

With the rise of supply chain attacks, I believe this is a critical and required change.

You could argue that GitHub should not be forcing that decision on users, but if they want to protect their brand, they kind of have to.


Microsoft's 'brand'. They tossed that aside decades ago.

The real question is how many phone numbers they're going to gather by unsuspecting users taking the SMS path.

This is a marketing scheme, not a security plan.


Mortgage is not a cost accounting wise. Interest is a cost, but capital repayment is already "profit" which the landlord will keep at the end of the loan.

Let's say rent is mortgage + 30%. If we assume all the risks and costs (maintenance, insurance, etc) are eating up all of that 30%, they still make a whopping 200%+ profit in the long run.

In a fair business relation with 20-30% profit, the landlord would actually lose cash each month until the mortgage is over, with the expectation to realize profit when the property is sold. This rarely happens.


> Mortgage is not a cost accounting wise. Interest is a cost, but capital repayment is already "profit" which the landlord will keep at the end of the loan.

Only a small sliver of the first mortgage payment is principal. Most of it is interest and the escrow for the property tax and insurance. By the last mortgage payment most of the interest has been replaced with principal, because by then the landlord is the one who owns the property instead of the bank, so now they get what used to be the interest. The property tax and insurance payments never go away, they just stop going through the bank.

The question you have to ask if you think they're overcharging is, why don't more people do it? If it got higher returns than other investments, why wouldn't people sell their stocks and buy real estate? The answer is that they do, until it doesn't anymore. And then it doesn't anymore, because the price of real estate goes up until investing in real estate no longer has above-market risk-adjusted returns.

We have pretty good numbers on this: Here's a common real estate ETF, it's basically "be a landlord, but as a stock", 10-year average return 5.49%:

https://investor.vanguard.com/investment-products/etfs/profi...

S&P 500 ETF, 10-year average return 11.86%:

https://investor.vanguard.com/investment-products/etfs/profi...

If the landlords are making so much money, how come they're not making so much money?


I sort of understand that Mozilla wants to care for the concept of an open internet which requires a lot more than just software development. I don't particularly understand or like the exact things they finance, but politics is a complex game in which you lose if you don't play.

What I absolutely fail to understand though is why they don't have long-term focus on diversifying income? All their alternative revenue sources are negligible, and their strange attempts to provide paid products seem to be either hobby-projects of someone at Mozilla (ex: pocket) or a cheap rebrand of a product (ex: vpn).

Am I wrong to expect more from such a technologically capable organisation?


They do have a focus on that, it just hasn't really panned out. To be fair, you're talking about the billion dollar question. It's not exactly an easy problem.


Very interesting, but $10/month is steep pricing.

I hope you get to profitability and will be able to offer something more affordable for me (and my team).


What is the main use-case for such custom isos?

I assume that nobody would use installers from an unknown source. What benefit do you see in creating a custom iso over just customizing after install (possibly scripted)?


My use case was to create a bootable Live USB with some software already preinstalled, which people can try in a course, without having to install anything on their computer. While for long-term courses, students can prepare and install everything, I am also offering such a course in a conference, where people are most likely just going to pop-up into the room.

