Post #372,921
3/25/13 5:16:30 PM
|
OS X Update, Java too..
Just d/led security + Java updates.
Have had Java disabled ever since the Global Pwnership-by-$$perps struck, a while back.
Anyone care to comment on Credibility of this presumed-Fix du jour? Is it yet safe-enough to play in that sandbox?
Apple bit mungers are reputedly among the very-least Beastlike in their craftsmanship (don't we all sorta believe?)
But the flakiness of Java's record of inattention--maybe cannot be fully compensated in any day-to-day Global Bit Wars. Can it?
(I've noted only a few places--in my travels--where I was missing anything (like: some sites' image display scripts; no big deal por moi.))
Result thus far:
[Java remains OFF]
Seems particularly speedy after this 'security' update--at least via Safari performance, thus also network (limited to 400K by the ComcastBeasts, whose full-bore prices SUCK, still.)
But iStat shows same net speed as always: filtered-down solid
Curious if anyone else notes an effect from this upgrade. 'Course too, the necessary reboot might have removed some time-wasting cruft the system was working-around.
We never really Know shit about these machines' *actual* status, Do We?
|
Post #372,942
3/25/13 10:04:54 PM
|
I've never noticed a problem.
We have some commercial programs at work that run on Java. The only time I've noticed issues with a Java update are with some old in-house stuff that talks to an Oracle database with something called "Jinitiator". There have been version issues that we've had to deal with occasionally, so we keep an old version around just in case.
The commercial software that we have that runs on Java has never had an issue (when we have had problems, it's invariably been something else not the Java version).
You probably should always update Java and your browser as soon as updates come available. If you're nervous, you can wait a day or so. :-)
We've never had a problem with OSX updates either, but I'm sure there are corner cases.
As long as you don't download dodgy software or visit scammer sites, or click on links in e-mails that you don't read carefully, you'll probably be Ok. There are always exceptions, of course, but those still seem to be the most common ways that people's machines get compromised.
My $0.02.
Cheers,
Scott.
|
Post #372,949
3/26/13 7:37:41 AM
|
That's some exceptionally poor advice
It blames the end user when anything goes wrong in an environment where things WILL go wrong.
> As long as you don't download dodgy software or visit scammer sites, or click on links in e-mails that you don't read carefully, you'll probably be Ok. There are always exceptions, of course, but those still seem to be the most common ways that people's machines get compromised.
You got the definitive list of "dodgy software" or "scammer sites", or links in emails that need to be avoided?
Really AS, you regurgitated with core windows/IE talking points, and while I understand you are applying them to java, they fail on both.
Either lock the box down and use it for NOTHING other than the carefully intended purpose, and firewall the fuck out of it, or simply accept sooner or later someone WILL (not might, WILL) (you just won't know it unless you are greg) OWN you.
When things are BAD (broken as designed), they CAN'T BE fixed. They are to be suffered if you need to use the environment, but they can't be fixed. Certain core mis-designed and/or poorly implemented features on both environments (Windows across the board for ring issues combined with broken device drivers, plus the bug list of the week, Java (interpreted self memory managing languages of ANY sort that also allow native execution and "sandboxes" (hahahah, yeah right, like software constrained sandboxes have a chance of working when people are trying to find holes.))
So, don't please give advice that CANNOT be followed. It puts the end user in a no win situation, and it causes them to blame themselves. Like you have been blaming yourself for years.
I have isolated boxes and environments for tasks. Boxes are CHEAP. A 4 year old random intel box will run pretty much anything nowadays, and you can get one pimped out for a couple of hundred $$. Old macs are on CL all the time if you swing that way. Any of them are disposable and/or replaceable with minimal effort.
I've learned. I don't care how much you know, or how "good" you are at this shit, the time investment for dealing with it when it starts to fail in strange ways (actively fighting a foreign intelligence that has a goal of masking itself from you) is enormous as compared to a rip-out/rebuild. Have a spare ready to drop in place prepped before it goes bad, and you lose 10 minutes, not days.
|
Post #372,950
3/26/13 8:07:40 AM
|
(I'm assuming....)
I'm assuming everyone is running an antivirus program who has a PC.
I'm assuming everyone at home has a hardware firewall in their router. Nobody at home should have every TCP/UDP port open.
I've never come across a Mac virus infection, YMMV.
Yes, there are botnets out there that are looking for PCs and microcontrollers to infect. Yes, if Kevin Mitnick or the NSA want to break into our Macs at home, they can probably do it.
I refuse to believe that every time I touch a PC that I'm taking my life in my hands.
http://xkcd.com/1180/
If I were running a business with a public web presence, I would be much more concerned about viruses and so forth. When money is at stake and downtime has real costs, one has to be more careful. I'm not. I take reasonable precautions.
(Our network(s) at work has more firewalls than I want to think about...)
HTH.
But back on topic - Should Ashton update his Java as soon as updates are available? I say yes. You?
Cheers,
Scott.
|
Post #372,952
3/26/13 9:44:44 AM
3/26/13 10:36:04 AM
|
Your assumptions are wrong by definition
everyone? hehehahaha.
No.
And are they effective? hohiohahahahahaehehe
Zero days are here forever.
Lovely diagram, and I agree, so what?
I already stated the real issue is the time sink of figuring it out.
And should he upgrade? Of course he should. Once committed to the use of a certain bit of infrastructure, you MUST continue in the "upgrading" of the part, at least if the continued running of your preferred application requires it.
Edited by crazy
March 26, 2013, 10:36:04 AM EDT
|
Post #372,955
3/26/13 11:40:27 AM
|
On your assumptions...
> I'm assuming everyone is running an antivirus program who has a PC.
Define PC for me please. PCs now encompass, Windows machines, Apple Machines, Linux Machines... and others.
> I'm assuming everyone at home has a hardware firewall in their router. Nobody at home should have every TCP/UDP port open.
I have a Hardware router/firewall/wireless-bridge, but I have "all traffic" going to a specific machine on my network. Good luck with that.
> I've never come across a Mac virus infection, YMMV.
Mostly just Malware. Viruses are super hard to make and run nowadays... not worth the effort.
> Yes, there are botnets out there that are looking for PCs and micro-controllers to infect. Yes, if Kevin Mitnick or the NSA want to break into our Macs at home, they can probably do it.
A good assumption. If someone is willing to put enough effort into something... you really have nearly zero chance of withstanding it.
> I refuse to believe that every time I touch a PC that I'm taking my life in my hands.
> http://xkcd.com/1180/
More than likely... it's Malware.
> If I were running a business with a public web presence, I would be much more concerned about viruses and so forth. When money is at stake and downtime has real costs, one has to be more careful. I'm not. I take reasonable precautions.
Funny, I just did a presentation on that. Supposed to only have 20 minutes. Culled from over 50 pages of painstaking detail... to 11 plus an ending page on China. I still went over by 10 minutes. Not as bad as the guy that followed me... or the one that followed him.
> (Our network(s) at work has more firewalls than I want to think about...)
MOAR FIREWALLS GOOD! Seriously though... Public and then Firewalls on specific network segments or on routers. Plus additional "Application on cloud/grid" firewalls is one more layer.
> But back on topic - Should Ashton update his Java as soon as updates are available? I say yes. You?
I'm of the opinion that Ashton needs to start using OSX like it just works and stop cat footing around it. Since the Almighty SJ is gone, Apple isn't about ready to forsake all the "Karma" they built up with this guy. They are going to do as complete a job as they can, if kind of slow... especially for something they don't really like (Java and Flash). The updates to OSX are typically a good thing.
--
greg@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
|
Post #372,957
3/26/13 12:04:22 PM
|
PC == Winders machine.
You're always a special case. ;-)
We have a wide variety of networks here. Very wide.
Gotta run.
Cheers,
Scott.
|
Post #372,976
3/26/13 7:09:37 PM
|
On your last..
Oh, I've become almost Newbie-grade slothful on the 'log' readings and such!
(Were I forced, by some Court Decree + manacles to Do Doze Again (until probation ended)
I'd have to relearn that daily Necessary-paranoia.)
It's now just over 4 yrs. since the iMac landed. It has helped that You + IGM generally agree with your assessment. You are Right. It DOES Just. Work.
(But it took a year for me to rilly-Believe ... after all that Beast-conditioning.)
Oddly though (I thought) That, while the 'Diagnostic And Usage Messages' log retains the records of this Update and subsequent installation--the report of the Crash I mentioned above,
and which had presumably auto-corrected: deleted itself after a day or so.
This seems a bit short-sighted--in event, say that another similar Crash occurred a few days later? and one wanted to look for any correlations.
Guess they really Don't want us 'l33t Apple Users to snoop very much. Red Flag to those of us who want to acquire some sense of what is Normal and what indicates Abnormal 'operations'.
You don't have to be paranoid, merely to be curious.
I suppose that some CL efforts could alter the [Delete after X hours] # for Crashes.
But will let such things go ... ... until some event makes Me Wish That.. ...
|
Post #372,980
3/26/13 7:40:00 PM
|
This stuff...
Doesn't matter until it does.
There is no clear cut thing.
Apple doesn't like people to know too much... and it shows.
Or have much skill fixing hardware... just replace it.
It's just one of those things.
--
greg@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
|
Post #372,973
3/26/13 6:16:43 PM
|
Thanks IGM.. I think I grok the trade-offs.
(I did, of course install the Apple Update for OS and for Java (but not for iTunes, Remote Access Users [!] and such as I don't use anyway.))
But Java's still turned off--via Occam: A couple mouse clicks can turn it on, should I see an item I might want to pursue, [not responding] on a site that doesn't scream, HaxxorsHaven-WelcomeKiddies.
I've become well Aware, after these years Here, of the vast gulf 'twixt my merely somewhat-informed er, logical deductions and er, Logic:the Professional's Game.
Under "..there are Known unknowns and Unknown unknowns" (from that entertaining former SecDef guy and his fanciful musings), I hope I have stored a small toolkit of
Don't!!s// Maybes..IF ... and ... // and, dunno WTF to Do? about *this* oddity.
And I cannot remotely comprehend how it IS that Greg maintains such an encyclopedic Recall of near-infinite details, across so many OS-peculiarities nor
--since 'Vincents' and 'accelerators'
--have I aimed to build my demi-version of such a massive amount of lore: All Earned by n-mistakes, tip by tip.
I walk both sides/of street:
1) Resignation, as crazy suggests--and even IF you strongly suspect that Pwnership has occurred [and did it also ~brick even Time Machine's hallowed real Backups, hmm??]
I Won't Find its mechanism, ever.
2) So I be careful, have no interest in random investigations of the millions of idiot-sites:
What was the estimated total life of The Cosmos until Heat-Death, lately? How much of that does one want to squander, reading pap?
3) Had I more $$ for Communication-with-other-Entities, based on all the options I recall since Info World was an almost-decent Tech News Rag:
I'd have duplicate iMacs, one always Off-web, probably [with advice] some means of mirroring, but delayed: so that, following a few basic Tests of OS operation since Last Test:
Then: go ahead and duplicate the (still-OK. probably.) main unit.
This is not infallible, for reasons of all caveats mentioned here and elsewhere.
(If $Rich: a third machine, never On-line, to which only my data files are periodically xferred via some least-risky algorithm + hunches?)
In the end though, I believe I share with some here, a disbelief in Perfection or in Certainty, so ... if the Cosmos elects to skewer me with a Maxwell's Demon Event?
[I wonder re. HEAT in the New! Insanely-thin iMacs, and whether smcFanControl can still attain *my* idea of OK temps inside, should I need a 2-yr. old 21.5"er..]
Bring it ON, Mofos!--you Aren't fooling Moi: I KNOW It's All a Stage/I a mere Player, etc.
;^>
(It's Today--and iMac is still running pretty fast, for 90+ tabs open.)
|