Societies woes
It’s become kinda fashionable to blog about what you think societies biggest issues are. I’m not an expert on society, but I do know a bit about the internet community. so, here goes
Fonts
Font’s that aren’t installed, font’s that are installed but aren’t antialiased, font’s that are installed, are antialiased but are the wrong size. Documents that rely on some font that isn’t installed on this machine. Operating systems that have different standard fonts that looks like they are different sizes (even if they are the same size). Font’s that are missing glyphs, font’s that are inaccessible so your rxvt’s hang on startup. Font’s that have patents preventing you from rendering them properly. Fonts that have indistiguishable charactors (|Il1, O0o). Font’s where you just don’t knowwtf is going on
NAT
Network address translation. It’s evil. It should be taken away. People think that it gives them protection from the internet. How every wrong they are. It breaks almost everything out there, except for perhaps HTTP and POP3. If people want to do NAT then that’s their choice, but they shouldn’t force it upon those of us that need to avoid it. The only reason that the Internet hasn’t run out of addresses is that it’s become so difficult to get multiple IP’s that people use NAT instead. It’s sad, since IPv6 has a solution to this problem. Sigh. And firewalls are a bogus idea too
Insecure software
Now I must admit I’m guilty of this one too. However people that distribute operating systems need to learn a few simple rules:
- No ports should be opened by default. Ever. If a user wants it open, they should open it themselves. Thus if they didn’t know about it, it’s not running. If they do know about it, then they should know enough to update it.
- Don’t run content from untrusted hosts. You have to be rutheless these days, if it doesn’t exactly conform to the specifications, IT MUST NOT BE TRUSTED. This is the complete opposite of being permissive in what you recieve, and strict on what you send.
May 25th, 2004 at 9:37 pm
APOSTRAPHE ABUSE! ARGHHHHH!
June 1st, 2004 at 10:57 am
What’s your problem with firewalls? They’re definately a good idea, even if many of them are badly implemented
June 1st, 2004 at 3:43 pm
Firewalls don’t help you, they partition the network into two halves, and the bad guys are on both halves. Almost every major piece of malware out there will infect you irrespective of firewalls. Email virii, IE browser exploits don’t care about firewalls. Even things that firewalls are supposed to stop (like sql slammer, welchia, etc) still infect your internal machines. Usually because they are brought in via laptops, or via VPN’s or whatever.
Firewalls don’t solve the problem, they barely even slow down the infections. Consider that in recent months there was even a buffer overflow exploit in firewall software that was used to make a worm!
The answer is don’t have any services listening you don’t need, and, if you do have them listening MAKE THEM SECURE. It’s not even HARD to make them secure if they are written in a high level language that doesn’t promote buffer overflows.
Firewalls have forced application developers to more and more extreme hieghts to get their software working through, such as SOAP. Look at all the crap that goes into SOAP so it can be firewalled properly. WTF? If they just ran it over another port like they’re supposed to it would JUST WORK!
If IPv6 ever takes off (annnny day now!) Firewalling will become a whole heap harder, because your payload will be encrypted. What do you firewall on then huh?
Firewalls are problems looking for solutions, they’re a bandaid over another problem. They can’t be called a solution.
June 14th, 2004 at 2:25 am
Quite relevant here:
Personal Firewall Security FAQ
“Personal Firewalls” are mostly snake-oil
I don’t agree that firewalls are completely useless, but I agree that there’s a lot of cargo culture surrounding them and security in general.