
Ubuntu 6.06 criticisms from a programmer

Started by CBFalconer October 14, 2006
Bit Twister wrote:
> On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:
>
>> Forced by law? Isn't that a bit extreme and intrusive, do you think that
>> the government can protect a fool from itself?
>
> That is kind of unfair. How many people driving cars know where the
> cylinder rod can be found.

What the hell's a cylinder rod? I've been fixing cars for 40 years but I ain't never heard of a cylinder rod. A cylinder is a hole that the piston sits in. The connecting rod connects the piston to the crank, is that what you mean, the connecting rod?
On Tue, 17 Oct 2006 20:16:27 -0500, user wrote:

> Bit Twister wrote:
>> On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:
>>
>>> Forced by law? Isn't that a bit extreme and intrusive, do you think that
>>> the government can protect a fool from itself?
>>
>> That is kind of unfair. How many people driving cars know where the
>> cylinder rod can be found.
>
> What the hell's a cylinder rod? I've been fixing cars for 40 years but I
> ain't never heard of a cylinder rod. A cylinder is a hole that the piston
> sits in. The connecting rod connects the piston to the crank, is that
> what you mean, the connecting rod?

That just proves his case. If even someone who has been fixing cars for 60 years doesn't know what a "cylinder rod" is, why would you expect the average driver to know anything about it? :o>
On Tue, 17 Oct 2006 14:08:01 -0700, Whoever wrote:

> On Mon, 16 Oct 2006, arachnid wrote:
>
>> On Mon, 16 Oct 2006 19:26:59 +0100, Steve at fivetrees wrote:
>>
>>> And I agree re a hardware firewall, for all the reasons mentioned, and a few
>>> more. To be clear, this will usually take the form of a NATing router, i.e.
>>> it separates two networks (the Internet and the LAN), and provides
>>> controlled traffic between the two. With this setup, it's the router that's
>>> online, not the clients. It will block unsolicited traffic - i.e. anything
>>> other than what you ask for. Properly setup, the benefits in terms of
>>> security of a router mean you're pretty safe from direct attack - whether
>>> with Linux, OpenBSD, or Windows.
>>
>> NAT firewalls should be required by law to be built into any consumer
>> device that's designed for connecting a computer to the Internet.
>
> You use the term "NAT firewall", but in fact, there is no such thing.

There is if the marketers can sell them. :o>
> There are routers that include both NAT and firewall capabilities, but
> it is important to understand that NAT is not a firewall. So, looking at
> the 2 components:

I've seen religious arguments rage for weeks over just what constitutes a firewall, whether NAT is a firewall, whether IPTables is a firewall, etc.
"Paul Gotch" <paulg@at-cantab-dot.net> wrote in message 
news:W8s*y7vtr@news.chiark.greenend.org.uk...
> In comp.arch.embedded Steve at fivetrees <steve@nospamtafivetrees.com> wrote:
>> NAT == network address translation. IOW, providing a controlled connection
>> between two networks.
>
> No. NAT is an evil hack which was invented to preserve IP address space by
> allowing hosts on a privately addressed unroutable network to speak to the
> outside world of public routable IP addresses via a single public IP
> address.

Why "evil hack"??
>> If you can control the connection (e.g. OpenBSD's pf packet filter), what's
>> missing?
>
> An understanding of how IP works?

Huh? OpenBSD's packet filter is a thing of beauty, a very fine-grained tool indeed.

I don't understand your comment. I understand IP rather well, but I wouldn't expect the average computer user to. Why should they be denied an easy form of protection?

Steve
http://www.fivetrees.com
Steve at fivetrees wrote:
> "Paul Gotch" <paulg@at-cantab-dot.net> wrote in message
> news:W8s*y7vtr@news.chiark.greenend.org.uk...
>> In comp.arch.embedded Steve at fivetrees <steve@nospamtafivetrees.com> wrote:
>>> NAT == network address translation. IOW, providing a controlled connection
>>> between two networks.
>> No. NAT is an evil hack which was invented to preserve IP address space by
>> allowing hosts on a privately addressed unroutable network to speak to the
>> outside world of public routable IP addresses via a single public IP
>> address.
>
> Why "evil hack"??

Some people consider it an "evil hack", partly because it makes it almost impossible to get incoming connections, and thus buggers up certain types of legitimate traffic (such as those for agreeing about MTU sizes). It can also be a bottleneck when you have a lot of connections (it makes a good bittorrent setup harder). And it is a hack, having been originally invented to allow more computers on the net without using global IP addresses.

However, most people who consider it "evil" are the people who are capable of controlling and securing their connections, and who think that *their* nice clean internet has been ruined by all these pesky kids.

The most obvious characteristic of a NAT router is that the computers on one side are invisible to everything on the other side. That is an enormous benefit, and far outweighs the disadvantages for the great majority of users. Any traffic from your PC can go out, nothing unexpected can come in. Since a "firewall" is simply a blocking system for limiting unwanted traffic, a NAT router in itself provides an excellent firewall. Combine that with the fact that setup of a NAT router is almost a no-brainer (at least, for ISPs that sensibly use "Ethernet" connections instead of some silly PPPoE or PPTP bandwidth waster), and it is the single most important feature of a firewall.

Clearly, a firewall can be much more than this. For more advanced use, you might want to poke holes to run a webserver on the inside, or to allow particular types of access from particular IP addresses, or to limit outgoing traffic. You can also filter on higher levels, such as filtering http traffic. And a software firewall on a PC (or "application policy tool", as Paul aptly named it) can give you tight control over specific applications. But these are not of interest to the average user, and their complexity is overwhelming for most people.
A large proportion of zombie PC's have software firewalls installed, but disabled - simply because the user could not understand how to allow their browser or computer game internet access without turning it off.
>>> If you can control the connection (e.g. OpenBSD's pf packet filter), what's
>>> missing?
>> An understanding of how IP works?
>
> Huh? OpenBSD's packet filter is a thing of beauty, a very fine-grained tool
> indeed.
>
> I don't understand your comment. I understand IP rather well, but I wouldn't
> expect the average computer user to. Why should they be denied an easy form
> of protection?

Absolutely. Let those who need advanced setups use OpenBSD or Linux with their packet filters for their internet-facing servers, and put a NAT router between everything else and the 'net.
> Steve
> http://www.fivetrees.com

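The behaviour described in the post above (traffic started from the LAN goes out, nothing unexpected comes in, unless a hole is poked for an inside server), modelled as a toy NAT table. This is an added example, not part of any post in the thread; the `NatRouter` class, its method names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy port-restricted NAPT model (hypothetical, for illustration only)."""
    next_port: int = 40000
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    flows: dict = field(default_factory=dict)
    # public port -> (lan_ip, lan_port): explicit holes for inside servers
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: allocate a public port, remember the flow."""
        for port, flow in self.flows.items():
            if flow == (lan_ip, lan_port, remote_ip, remote_port):
                return port
        port = self.next_port
        self.next_port += 1
        self.flows[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet arrives on the public side: return the LAN target, or None if dropped."""
        flow = self.flows.get(public_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                    # reply to a flow the LAN host started
        if public_port in self.forwards:
            return self.forwards[public_port]  # deliberately exposed service
        return None                            # unsolicited: no mapping, nowhere to send it

def demo():
    """Run constructed traffic through the model and collect where each packet lands."""
    nat = NatRouter()
    port = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    results = {
        "reply": nat.inbound("198.51.100.7", 80, port),
        "other_host_same_port": nat.inbound("198.51.100.99", 80, port),
        "unsolicited": nat.inbound("198.51.100.99", 4444, 445),
    }
    nat.forwards[8080] = ("192.168.1.20", 80)  # "poke a hole" for an inside webserver
    results["forwarded"] = nat.inbound("198.51.100.99", 4444, 8080)
    return results

if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:22} -> {target or 'DROPPED'}")
```

Real routers differ in how strictly they match the remote endpoint on inbound packets; this model checks both the remote address and port.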
David Brown wrote:
> You can't force people to use sensible behaviour on the internet (well,
> you could introduce a "drivers license", but that would be a bit much).

I think it would be a good idea. I know plenty of people, friends even that have Internet access and really have no business there. If it takes them a month to learn how to log on and do simple e-mail just think of the havoc when they learn to post to newsgroups. Actually, one friend has no idea what a newsgroup even is, and one only uses them to download porn. OK, so some of my friends are less than properly motivated.
> So you can't force people to use a firewall. But it's not unreasonable
> to require ISPs to supply a firewall with every broadband connection (as
> I said, they could easily make a half-decent one on their side of the
> connection). Remember, every time somebody connects an unprotected
> windows machine to the net, it costs you and me time and money through
> increased spam, viruses, worms, attacks bots, and other nasties. And
> every time an ISP offers a customer a broadband connection without a
> firewall, they are acting irresponsibly - the average customer does not
> know anything more than the ISP tells them, and will suffer the
> consequences.

My one friend never even browses and only e-mails his relatives that know how to use a computer. The other goes everywhere in between his porn habit but at least has the sense to use some of the free firewall products, until he breaks something and I get a call. My only payoff is a 'not so free' lunch.

> The only thing that stops ISPs giving out firewalls is
> the cost, which would put them at a disadvantage compared to their
> competitors. Regulations requiring firewalls to be provided would keep
> the playing field even.

At which point AOL would become even more of a pain in the ass. Comcast offers McAfee, which in my test uses, is pretty much;
A. Windows only.
B. Useless even with Windows.

I said a while back that computers used to be the new 'Wild West', but now it is the Internet, and I don't see it getting any less wild until the government does something stupid (which you know it will) and ruins it for everybody.

Bill Baka
Bit Twister wrote:
> On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:
>
>> Forced by law? Isn't that a bit extreme and intrusive, do you think that
>> the government can protect a fool from itself?
>
> That is kind of unfair. How many people driving cars know where the
> cylinder rod can be found. Everyone cannot be computer security experts.

Back in the early days of motoring you HAD to know how to fix your own car or not drive. In Europe getting a driver's license involves knowing how to fix a flat tire (change it at least) and basic mechanical stuff, and women are not exempt.
> Here in the USA the law helps in removing dangerous product from the
> public, lead in kids toys as an example.

Yes, but they are overzealous to the point of being a total pain in the ass. Take Asbestos, where the tearing out of pre-existing material releases it into the air creating even more of a problem. Why not just let the buildings die of old age?
> With the failure of the unfair marketing practices case against M$ it
> would seem to make sense. Put the business on one subnet and firewall
> the mom/pop/granny/kids on another with firewalls in the ISP routers.
> We'll just ignore that small network problem for the ISPs for
> sake of argument. :)

Like a Windows Internet and a Linux/Mac/everyone else Internet? I wish.
> I will have to say, something is going on. I run Shorewall with a
> blacklist of noisy ip subnets. About once a month if the counters show no
> inbound attempts, I remove the rule for that ip. The list is getting
> smaller not larger.

Makes sense. Out of the 100,000 or so claimed global newsgroups, a quick look shows many that are dead and have been ever since someone got the name listed. Many show less than 100 messages, ever.

Bill Baka
arachnid wrote:
> On Tue, 17 Oct 2006 20:16:27 -0500, user wrote:
>
>> Bit Twister wrote:
>>> On Tue, 17 Oct 2006 09:04:03 -0500, Don Seglio wrote:
>>>
>>>> Forced by law? Isn't that a bit extreme and intrusive, do you think that
>>>> the government can protect a fool from itself?
>>> That is kind of unfair. How many people driving cars know where the
>>> cylinder rod can be found.
>> What the hell's a cylinder rod? I've been fixing cars for 40 years but I
>> ain't never heard of a cylinder rod. A cylinder is a hole that the piston
>> sits in. The connecting rod connects the piston to the crank, is that
>> what you mean, the connecting rod?
>
> That just proves his case. If even someone who has been fixing cars
> for 60 years doesn't know what a "cylinder rod" is, why would you expect
> the average driver to know anything about it? :o>

How about, if you haven't got a clue how it works you have no business using it?

Bill Baka
On Tue, 17 Oct 2006 20:16:27 -0500, user wrote:
> What the hell's a cylinder rod? I've been fixing cars for 40 years but I
> ain't never heard of a cylinder rod. A cylinder is a hole that the piston
> sits in. The connecting rod connects the piston to the crank, is that
> what you mean, the connecting rod?

Maybe I misnamed it. What do you call the doohickey that connects the connecting rod to the piston?
On Wed, 18 Oct 2006 23:43:52 GMT, bill wrote:

> Like a Windows Internet and a Linux/Mac/everyone else Internet? I wish.
That is an idea at that. Or maybe no OS on net unless it conforms to standards.
