IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 1 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New That's some exceptionally poor advice
It blames the end user when anything goes wrong in an environment where things WILL go wrong.

As long as you don't download dodgy software or visit scammer sites, or click on links in e-mails that you don't read carefully, you'll probably be Ok. There are always exceptions, of course, but those still seems to be the most common ways that people's machines get compromised.

You got the definitive list of "dodgy software" or "scammer sites", or links in emails that need to be avoided?

Really AS, you regurgitated with core windows/IE talking points, and while I understand you are applying them to java, they fail on both.

Either lock the box down and use it for NOTHING other than the carefully intended purpose, and firewall the fuck out of it, or simply accept sooner or later someone WILL (not might, WILL) (you just won't know it unless you are greg) OWN you.

When things are BAD (broken as deigned), they CAN'T BE fixed. They are to be suffered if you need to use the environment, but they can't be fixed. Certain core mis-designed and/or poorly implemented features on both environments (Windows across the board for ring issues combined with broken device drivers. plus the bug list of the week, Java (interpreted self memory managing languages of ANY sort that also allow native execution and "sandboxes" (hahahah, yeah right, like software constrained sandboxes have a chance of working when people are trying to find holes.))

So, don't please give advice that CANNOT be followed. It puts the end user in a no win situation, and it causes them to blame themselves. Like you have been blaming yourself for years.

I have isolated boxes and environments for tasks. Boxes are CHEAP. A 4 year old random intel box will run pretty much anything nowadays, and you can get one pimped out for a couple of hundred $$. Old macs are on CL all the time if you swing that way. Any of them are disposable and/or replaceable with minimal effort.

I've learned. I don't care how much you know, or how "good" you are at this shit, the time investment for dealing with it when it starts to fail in strange ways (actively fighting a foreign intelligence that has a goal of masking itself from you) is enormous as compared to a rip-out/rebuild. Have a spare ready to drop in place prepped before it goes bad, and you lose 10 minutes, not days.
New (I'm assuming....)
I'm assuming everyone is running an antivirus program who has a PC.

I'm assuming everyone at home has a hardware firewall in their router. Nobody at home should have every TCP/UDP port open.

I've never come across a Mac virus infection, YMMV.

Yes, there are botnets out there that are looking for PCs and microcontrollers to infect. Yes, if Kevin Mitnick or the NSA want to break into our Macs at home, they can probably do it.

I refuse to believe that every time I touch a PC that I'm taking my life in my hands.

http://xkcd.com/1180/

If I were running a business with a public web presence, I would be much more concerned about viruses and so forth. When money is at stake and downtime has real costs, one has to be more careful. I'm not. I take reasonable precautions.

(Our network(s) at work has more firewalls than I want to think about...)

HTH.

But back on topic - Should Ashton update his Java as soon as updates are available? I say yes. You?

Cheers,
Scott.
New Your assumptions are wrong by definition
everyone? hehehahaha.
No.

And are they effective? hohiohahahahahaehehe
Zero days are here forever.

Lovely diagram, and I agree, so what?
I already stated the real issue is the time sink of figuring it out.

And should he upgrade? Of course he should. Once committed to the use of a certain bit of infrastructure, you MUST continue in the "upgrading" of the part, at least if the continued running of your preferred application requires it.
Expand Edited by crazy March 26, 2013, 10:36:04 AM EDT
New On your assumptions...
I'm assuming everyone is running an antivirus program who has a PC.
Define PC for me please. PCs now encompass, Windows machines, Apple Machines, Linux Machines... and others.

I'm assuming everyone at home has a hardware firewall in their router. Nobody at home should have every TCP/UDP port open.
I have a Hardware router/firewall/wireless-bridge, but I have "all traffic" going to a specific machine on my network. Good luck with that.

I've never come across a Mac virus infection, YMMV.
Mostly just Malware. Viruses are super hard to make and run now a days... not worth the effort.

Yes, there are botnets out there that are looking for PCs and micro-controllers to infect. Yes, if Kevin Mitnick or the NSA want to break into our Macs at home, they can probably do it.
A good assumption. If someone is willing to put enough effort into something... you really have nearly zero chance of withstanding it.

I refuse to believe that every time I touch a PC that I'm taking my life in my hands.

http://xkcd.com/1180/
More than likely... its Malware.

If I were running a business with a public web presence, I would be much more concerned about viruses and so forth. When money is at stake and downtime has real costs, one has to be more careful. I'm not. I take reasonable precautions.
Funny, I just did a presentation on that. Supposed to only have 20 minutes. Culled from over 50 pages of painstaking detail... to 11 plus an ending page on China. I still went over by 10 minutes. Not as bad as the guy that followed me... or the one that followed him.

(Our network(s) at work has more firewalls than I want to think about...)
MOAR FIREWALLS GOOD! Seriously though... Public and then Firewalls on specific network segments or on routers. Plus additional "Application on cloud/grid" firewalls is one more layer.

But back on topic - Should Ashton update his Java as soon as updates are available? I say yes. You?
I'm of the opinion that Ashton needs to start using OSX like it just works and stop cat footing around it. Since the Almighty SJ is gone, Apple isn;t about ready to forsake all the "Karma" they built up with this guy. They are going to do as complete a job as they can, if kind of slow... especially for something they don't really like (Java and Flash). The updates to OSX are typically a good thing.
--
greg@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
New PC == Winders machine.
You're always a special case. ;-)

We have a wide variety of networks here. Very wide.

Gotta run.

Cheers,
Scott.
New On your last..
Oh, I've become almost Newbie-grade slothful on the 'log' readings and such!
(Were I forced, by some Court Decree + manacles to Do Doze Again (until probation ended)
I'd have to relearn that daily Necessary-paranoia.)

It's now just over 4 yrs. since the iMac landed. It has helped that You + IGM generally agree with your assessment. You are Right. It DOES Just. Work.
(But it took a year for me to rilly-Believe ... after all that Beast-conditioning.)

Oddly though (I thought) That, while the 'Diagnostic And Usage Messages' log retains the records of this Update and subsequent installation--the report of the Crash I mentioned above,
and which had presumably auto-corrected: deleted itself after a day or so.

This seems a bit short-sighted--in event, say that another similar Crash occurred a few days later? and one wanted to look for any correlations.

Guess they really Don't want us 'l33t Apple™ Users to snoop very much. Red Flag to those of us who want to acquire some sense of what is Normal and what indicates Abnormal 'operations'.
You don't have to be paranoid, merely to be curious.
I suppose that some CL efforts could alter the [Delete after X hours] # for Crashes.



But will let such things go ... ... until some event makes Me Wish That.. ...

New This stuff...
Doesn't matter until it does.

There is no clear cut thing.

Apple doesn't like people to know to much... and it shows.

Or have much skill fixing hardware... just replace it.

Its just one of those things.
--
greg@gregfolkert.net
PGP key 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
     OS X Update, Java too.. - (Ashton) - (9)
         I've never noticed a problem. - (Another Scott) - (7)
             That's some exceptionally poor advice - (crazy) - (6)
                 (I'm assuming....) - (Another Scott) - (5)
                     Your assumptions are wrong by definition - (crazy)
                     On your assumptions... - (folkert) - (3)
                         PC == Winders machine. - (Another Scott)
                         On your last.. - (Ashton) - (1)
                             This stuff... - (folkert)
         Thanks IGM.. I think I grok the trade-offs. - (Ashton)

I've not seen any indication that would lead me to believe that I could say that.
95 ms