Joost Diepenmaat wrote:
Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it's running on for the purposes of keeping the
original author free from user complaints?
Thank you for your reply. What i am telling is if if a hacker accesses
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense
You're not wrong. You're just approaching the problem the wrong
way. If a hacker has access to someone's computer, there is nothing an
application programmer can do about it - if an application *could* do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).
And the user will have a lot more problems on his hands anyway if some
uninvited person has access to his machine.
If a "hacker" has write access to your end user's files (including the program you gave them), they can change it however they want. There's nothing you can do there. There are some methods involving cryptographically signed binaries and such, but there are always way around it.
Another approach to the problem is to strictly separate code from data (and store all variables and the like separate from the code), then put the code into ROM or similar.
Randy Kramer
Even that's not effective. ROM dumps are not difficult to obtain, ROM chips are not difficult to replace with flash chips or even an interface to your PC. You also can't really do that with a Ruby program either.
The only semi-effective way I've seen to do this is with gaming consoles. The Xbox will only run signed code. This is problematic though, only people with the correct keys can produce code that will run on the Xbox (which Microsoft charges large sums of money for) and it was still cracked (at least the first Xbox was).
···
On Friday 29 August 2008 06:41 am, Michael Morin wrote:
--
Michael Morin
Guide to Ruby
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company
Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related.
-greg
···
On Fri, Aug 29, 2008 at 7:35 AM, Joost Diepenmaat <joost@zeekat.nl> wrote:
Rock Roll <karoljouis@gmail.com> writes:
Joost Diepenmaat wrote:
Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it's running on for the purposes of keeping the
original author free from user complaints?
Thank you for your reply. What i am telling is if if a hacker accesses
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense
You're not wrong. You're just approaching the problem the wrong
way. If a hacker has access to someone's computer, there is nothing an
application programmer can do about it - if an application *could* do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).
> Another approach to the problem is to strictly separate code from data
(and
> store all variables and the like separate from the code), then put the
code
> into ROM or similar.
>
> Randy Kramer
Even that's not effective. ROM dumps are not difficult to obtain, ROM
chips are not difficult to replace with flash chips or even an interface
to your PC. You also can't really do that with a Ruby program either.
Well, you're write--I guess what I should have qualified it by saying
something about without physical access to your hardware, which I assume
would be the case for cases of online/remote cracking (to avoid use of the
word "hacking").
The only semi-effective way I've seen to do this is with gaming
consoles. The Xbox will only run signed code. This is problematic
though, only people with the correct keys can produce code that will run
on the Xbox (which Microsoft charges large sums of money for) and it was
still cracked (at least the first Xbox was).
I hadn't thought of that, but with good encryption, it sounds fairly effective
(ignoring the drawback you point out).
Randy Kramer
···
On Friday 29 August 2008 08:59 am, Michael Morin wrote:
--
"I didn't have time to write a short letter, so I created a video
instead."--with apologies to Cicero, et.al.
Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related. Hacker culture - Wikipedia
-greg
Like it or not, that's what it means now. In fact, using its true meaning only confuses 99% of the population and can lead to misunderstandings. If this "debate" has been going on since the early 90's (or before?), it's just never going to end so there's no point in even talking about it anymore. "Hacker" has two meanings, just be conscious of that fact.
···
--
Michael Morin
Guide to Ruby
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company
Joost Diepenmaat wrote:
Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it's running on for the purposes of keeping the
original author free from user complaints?
Thank you for your reply. What i am telling is if if a hacker accesses
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense
You're not wrong. You're just approaching the problem the wrong
way. If a hacker has access to someone's computer, there is nothing an
application programmer can do about it - if an application *could* do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).
Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related. Hacker culture - Wikipedia
It really sucks that the word got hijacked, and I never use it that
way. This happens to a lot of technical and paratechnical (is that
word?) words. Lately I've been hearing "blog" used to mean something
vaguely like "email" or "feedback comment" ("Send us a blog...."). And
of course there's "logon" instead of "connect".
And etc., as my students used to put it.
David
···
On Fri, 29 Aug 2008, Gregory Brown wrote:
On Fri, Aug 29, 2008 at 7:35 AM, Joost Diepenmaat <joost@zeekat.nl> wrote:
--
Rails training from David A. Black and Ruby Power and Light:
Intro to Ruby on Rails January 12-15 Fort Lauderdale, FL
Advancing with Rails January 19-22 Fort Lauderdale, FL *
* Co-taught with Patrick Ewing!
See http://www.rubypal.com for details and updates!
Sure, if you're going on the daily news. I'm suggesting you do
exactly the same and be conscious of the fact that on a mailing list
full of free software hackers, the usage to refer to computer
criminals is somewhat offensive. It's all about context.
-greg
···
On Fri, Aug 29, 2008 at 9:38 AM, Michael Morin <uzimonkey@gmail.com> wrote:
Gregory Brown wrote:
Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related. Hacker culture - Wikipedia
-greg
Like it or not, that's what it means now. In fact, using its true meaning
only confuses 99% of the population and can lead to misunderstandings. If
this "debate" has been going on since the early 90's (or before?), it's just
never going to end so there's no point in even talking about it anymore.
"Hacker" has two meanings, just be conscious of that fact.