New Sandbox Framework For Chromium Released

Soulskill posted more than 4 years ago | from the spicy-security dept.

Unix 109

Trailrunner7 writes "As applications have become more and more complex in recent years and Web browsers have evolved into operating systems unto themselves, the task of securing desktop environments has become increasingly difficult. And while there's been quite a bit of innovation on Windows security, advances in Unix security have been less common of late. But now, a group of researchers from Google and the University of Cambridge in England have developed a new sandboxing framework called Capsicum, designed specifically to provide better security capabilities on Unix and Unix-derived systems (PDF). Capsicum is the work of four researchers at Cambridge and the framework extends the POSIX API and introduces a number of new Unix primitives that are meant to isolate applications and users and handle rights delegation in a better way. The research, done by Robert N.M. Watson, Ben Laurie, Kris Kennaway and Jonathan Anderson, was supported by Google, and the researchers have added some of the new Capsicum features to a version of Google's Chromium browser in order to demonstrate the functionality."

109 comments

Chromium Browser? (1, Insightful)

Flea of Pain (1577213) | more than 4 years ago | (#33245130)

Is this supposed to be the Google Chrome browser? Or do they mean literally a browser in their upcoming OS Chromium?

Re:Chromium Browser? (3, Informative)

Anonymous Coward | more than 4 years ago | (#33245152)

Chromium is the community project from which Google Chrome is derived.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33245190)

No, it's about the vertical scrolling shoot-em-up game.

Re:Chromium Browser? (2, Interesting)

xMilkmanDanx (866344) | more than 4 years ago | (#33245196)

The browser. TFA states somewhat incoherently that it isolates javascript execution and if google is using javascript in their OS, their not google.

Re:Chromium Browser? (1)

xMilkmanDanx (866344) | more than 4 years ago | (#33245440)

ah the dangers of cough syrup and slashdot... that should be they're, not their

Re:Chromium Browser? (1)

egcagrac0 (1410377) | more than 4 years ago | (#33245472)

There, there - it's all right. I'm sure everyone knew what you meant.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33246112)

Their, they're - it's all right. I'm sure everyone knew what you meant.

ftfy

Re:Chromium Browser? (3, Informative)

Anonymous Coward | more than 4 years ago | (#33245218)

Is this supposed to be the Google Chrome browser? Or do they mean literally a browser in their upcoming OS Chromium?

Last line of the summarized article:

the researchers have added some of the new Capsicum features to a version of Google's Chromium browser in order to demonstrate the functionality."

Third link from Google, third party description.

Chromium Web Browser [wikipedia.org]

I'm relatively new here. Is this how most people are on this site?

Re:Chromium Browser? (4, Informative)

Captain Splendid (673276) | more than 4 years ago | (#33245280)

I'm relatively new here. Is this how most people are on this site?

Yes, it's considered SOP not to read TFA around here. The real hardcore don't even bother reading TFS either.

Re:Chromium Browser? (3, Informative)

xMilkmanDanx (866344) | more than 4 years ago | (#33245372)

The REALLY really hardcore don't even bother reading the comment they're responding to

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33245392)

I guess that means you're not REALLY really hardcore.

Re:Chromium Browser? (1)

Spewns (1599743) | more than 4 years ago | (#33245848)

I guess that means you're not REALLY really hardcore.

Neither are you.

Re:Chromium Browser? (1)

gmiernicki (1621899) | more than 4 years ago | (#33246896)

So, I was playing my penis and decided... HEY! I'll just go onto /. and post about it in a comment box!

Re:Chromium Browser? (0, Offtopic)

quickOnTheUptake (1450889) | more than 4 years ago | (#33247198)

how did this not get modded up?

Re:Chromium Browser? (5, Funny)

spoilsportmotors (1251392) | more than 4 years ago | (#33245426)

I'm astounded that you - or anybody else would agree with RIAA's heavy handed tactics. For shame.

Re:Chromium Browser? (1)

DIplomatic (1759914) | more than 4 years ago | (#33245542)

I completely agree that POTUS is off his rocker with this latest linux distro and there is nothing wrong with the metric system! Now if you'll excuse me, I'm off to finish porting NES ROMS to a Timex watch running OpenBSD. Cue Apple fanboys in 3......2.......1......

Re:Chromium Browser? (4, Informative)

Tumbleweed (3706) | more than 4 years ago | (#33245682)

The REALLY really hardcore don't even bother reading the comment they're responding to

I like pie.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33248722)

Over time, my husband will desire me less sexually, but he will always enjoy my pies.

Re:Chromium Browser? (1)

Lennie (16154) | more than 4 years ago | (#33246634)

Hint, you don't need to read any comments if you get first post. :-)

Re:Chromium Browser? (0, Offtopic)

roman_mir (125474) | more than 4 years ago | (#33246774)

OMG PONIES!

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33253678)

The REALLY really hardcore don't even bother reading the comment they're moderating

FTFY

Re:Chromium Browser? (1)

bhcompy (1877290) | more than 4 years ago | (#33245462)

While I can't decipher what this article is referring to in particular, Chromium is the base for Chrome. Think of it as the development platform. Everyone should be using Chromium instead of Chrome because Chromium doesn't have the built in usage tracking that Chrome has

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33245490)

You mean, the usage tracking which can be turned off with a single checkbox? And that's somehow harder than, say, installing ffmpeg and friends to get video working in Chromium?

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33245732)

The real problem is Chrome is not open source. It's a proprietary, binary blob that is based on open source. If Microsoft released a hypothetical browser based on Chromium, let's call it Crummium, it would be exactly the same thing, but without the Googly-woogly "trust us, we're not evil" claim attached.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33246158)

If Microsoft released a hypothetical browser based on Chromium, let's call it Crummium, it would be exactly the same thing, but without the Googly-woogly "trust us, we're not evil" claim attached.

This sentence is plain stupid. It's implying that people who use Windows' Chrome build don't use IE because it's closed source. They don't use IE because it sucks! IE's standards compliance has improved somewhat, but its UI is still utterly atrocious. Most people have no problem using Opera or Safari; I think they would love it if Microsoft released a Chromium-based browser... it would be a large improvement over Trident/IE.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33246270)

This sentence is plain stupid. It's implying that people who use Windows' Chrome build don't use IE because it's closed source.

I wasn't implying that. I used Microsoft as an example of a company that wouldn't get a free pass for releasing an "open source" browser consisting of a proprietary binary based on an open source base.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33246808)

Except that Chromium isn't just a part of a browser, it's the full-fledged browser codebase. Chrome's additions are licensed material they have no right to release (PDF) or additions that hit their webservers hard (binary updates). I don't know why Chromium is missing the Google syncing/assistance services -- probably to encourage third-party developer adoption, similarly to how the Android OS codebase does not depend on Google; if it did, companies would not use it.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33246956)

And I am not implying that Chromium isn't a full browser. My only point is that Chrome is a proprietary, binary blob, and as such not open source. Whatever excuses Google might have for that is no better than any excuses Microsoft might put forth if they had released a similar browser. If you care about open source, then you should know that Chrome is not open source.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33247462)

Whatever excuses Google might have for that

You mean, actual legal reasons?

no better than any excuses Microsoft might put forth

"Excuses" Microsoft has used in the past include "Open source is less secure because people can see the source."

If you care about open source, then you should know that Chrome is not open source.

Caring about open source doesn't mean I demand it for absolutely everything. The fact that Chrome is almost entirely based on Chromium tells me two things: First, that Chromium is there waiting for me if Chrome ever becomes a problem, and second, Chrome isn't likely to have anything particularly evil attached to it.

Re:Chromium Browser? (1)

bhcompy (1877290) | more than 4 years ago | (#33246164)

Which is the crux of the problem. I don't want or need Google's tracking built in (among whatever else they have in it) even if I have the option to turn it off. Chromium works fine, Chromium Updater exists for updating it, and it works very well.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33247492)

Why does it bother you that it's there, although you can turn it off? That's a bit like complaining that it has a back button, even if you never use back buttons -- do you actually need it to not be compiled in?

I mean, if you do, that's one of the perks of a source distro like Gentoo, but it seems like a waste to me.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33247442)

If Microsoft released a hypothetical browser based on Chromium, let's call it Crummium, it would be exactly the same thing, but without the Googly-woogly "trust us, we're not evil" claim attached.

Given that Microsoft has a long track record of evil, and Google has a stated goal to not be evil, trusting them carries a bit more weight. And again, most of the browser is open -- how difficult is it to analyze what the rest is doing?

Now, consider the unfortunate alternative -- if Chromium was the only version, there'd be a scary process -- no matter how streamlined, it'd still have to present the user with scary legal warnings -- to get h.264 working, which, unfortunately, is needed for good HTML5 video support.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33248028)

Given that Microsoft has a long track record of evil, and Google has a stated goal to not be evil, trusting them carries a bit more weight.

Actions speak louder than words. Microsoft's evil tends to revolve around vendor lock-in and unfairly stomping on their competitors. Google's evil revolves around Big Brother type information gathering. Trusting Google because of their motto is ridiculous.

And again, most of the browser is open -- how difficult is it to analyze what the rest is doing?

What are you proposing? To do a binary diff between the compiled open source version and Google version? Followed by disassembling and analyzing the diff, probably without debugging symbols? That would be a major pain in the ass, even if the two binaries were largely the same, which I doubt would be the case anyways.

Now, consider the unfortunate alternative -- if Chromium was the only version, there'd be a scary process -- no matter how streamlined, it'd still have to present the user with scary legal warnings -- to get h.264 working, which, unfortunately, is needed for good HTML5 video support.

Firefox seems to manage. Besides, I'd prefer people actually be informed of the patent bullshit they're paying for, in one way or another. Perhaps Google could help by using non-patented formats on YouTube. Also, H.264 legal issues don't explain why Google tracking is part of the proprietary binary version.

Re:Chromium Browser? (2, Interesting)

SanityInAnarchy (655584) | more than 4 years ago | (#33249060)

Microsoft's evil tends to revolve around vendor lock-in and unfairly stomping on their competitors. Google's evil revolves around Big Brother type information gathering.

Microsoft's evil also involves outright lies, and the concept of "FUD" was pretty much invented, I suspect, to describe Microsoft.

Google, by contrast... "Big Brother"? Have you read 1984? Google likes to gather information, yes -- and like Facebook and everyone else, they only gather information from people who willingly donate said information, or from information already in public spaces.

Unlike Facebook and everyone else, they have a track record of, in the very worst example I'm aware of (wireless snooping), gathering more information than people think they should -- by accident. By contrast, Facebook employees have been known to casually browse people's private information, and otherwise abuse user data.

What are you proposing? To do a binary diff between the compiled open source version and Google version? Followed by disassembling and analyzing the diff, probably without debugging symbols?

Actually, I was proposing to wait and see, or to observe the behavior of the browser itself, and then disassemble and otherwise reverse engineer the parts that look suspicious.

Firefox seems to manage.

By having, say, youtube.com/html5 not work at all. Yeah -- they "manage" by not supporting, either directly or through any sort of extension framework, the most popular video site on the planet. Surprisingly, Safari seems to be the only browser taking a sane approach -- they delegate to QuickTime, which is essentially the OS X media framework, and support any codecs they find, so there's nothing stopping users from installing theora codecs if they like.

Of course, one of the results of this is that YouTube has further incentive to continue to use Flash, because Flash works in Firefox, but HTML5 with h.264 doesn't. Which do you think is the lesser of two evils?

Perhaps Google could help by using non-patented formats on YouTube.

There are several problems with this.

First, most video is, unfortunately, shot in h.264. Since I don't particularly care about obeying software patents covering codecs and file formats, I prefer to keep media in as close to the target format as I can, and only re-encode when I have to. You can do that with YouTube -- you can upload the video that your camera encoded to h.264 (in hardware!) and it's quite possible YouTube won't re-encode it for the high quality version.

So, this not only applies to their entire library that they'd have to re-encode, it also applies to pretty much all new video.

Second, only Theora might be open. Google does have WebM, and they have (hopefully) released it, but it's too close to h.264, and still manages to be inferior in many ways. You just get worse quality for the same amount of bandwidth, and that likely means millions of dollars of bandwidth for YouTube to maintain the same quality.

I'm not saying I have a solution to this, and I certainly don't like it. But refusing to play is not a solution.

Besides, I'd prefer people actually be informed of the patent bullshit they're paying for, in one way or another.

I'd prefer people be informed, but "This doesn't work, let's go back to IE and Flash" isn't the way to inform people. Realistically, it seems like this goes only a few ways:

  • HTML5 Video never takes off, partly because of Firefox.
  • HTML5 Video is a hit, but Firefox users can't view it. Users switch to other browsers.
  • HTML5 Video is a hit, and someone forks Firefox.

Sadly, Safari has had the way out the entire time -- delegate this stuff to the OS. Windows has DirectShow, OS X has QuickTime, Linux has GStreamer. Use those, and you get both licensing and hardware acceleration for free.

In fact, I've got an nvidia card, so I likely already have an h.264 decoder in hardware, already paid for. I've got another one in Windows 7, already paid for. There is no rational reason for Firefox to not support those -- it would be like refusing to download EXEs because they don't like Windows.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33250128)

Google, by contrast... "Big Brother"? Have you read 1984?

Yes I have. Obviously the current situation isn't like the brutal dictatorship in the book, but the information gathering is getting there. Not a camera in your home, but spying on all the sites you visit.

they only gather information from people who willingly donate said information, or from information already in public spaces.

"willingly" would be opt-in, instead of having to opt-out. How many web sites use Google Analytics? Google also owns DoubleClick.

by accident

There's nothing accidental about collecting all this information (ignoring the wireless case), which once collected, can be abused. If they get a National Security Letter they will have to comply with it. If a rogue employee decides to misuse the data, it's done. If Google decides to misuse the data, it's done. All this is possible because they collect the data.

By having, say, youtube.com/html5 not work at all.

It's completely Google's fault for requiring H.264. They could always fall back to another format. HTML5 does not require H.264. If you want to talk about FUD, then H.264 is where it's at, straight from Google: "If [youtube] were to switch to theora and maintain even a semblance of the current youtube quality it would take up most available bandwidth across the Internet." http://people.xiph.org/~greg/video/ytcompare/comparison.html [xiph.org]

YouTube won't re-encode it for the high quality version.

Nothing is stopping them. At the worst, they can offer a lower-quality version, the way they do now with Flash Video. Requiring a patent-laden format to view video content on the web is evil. It's GIF all over again [0xdeadbeef.com].

Second, only Theora might be open.

More FUD. It's been around for years, and there's no evidence that it isn't. There's no need to use scare words.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33251752)

"willingly" would be opt-in, instead of having to opt-out.

Which is precisely how this functions.

How many web sites use Google Analytics?

How many of those websites jumped out of the Internet, grabbed your browser, and forced you to visit them? If you don't trust a website to not use Google, why would you trust that website with the same information?

If they get a National Security Letter they will have to comply with it.

They have publicly fought government requests for information.

If a rogue employee decides to misuse the data, it's done.

And how do you know what procedures they have in place to prevent this situation? This isn't Facebook, where that sort of thing actually happens.

It's completely Google's fault for requiring H.264. They could always fall back to another format.

At what cost? Either massive amounts of CPU to transcode on the fly, or massive amounts more storage to store yet another encoding.

That said, they do have a few videos [blogspot.com] in WebM format.

If you want to talk about FUD, then H.264 is where it's at, straight from Google...

I'm not an encoding expert, but the comparison you link to actually favors H.264:

In the case of the 499kbit/sec H.264 I believe that under careful comparison many people would prefer the H.264 video.

And that's a single clip. Google has the resources to actually test this on a large scale. They also have a huge library of h.264 videos which would suffer a drop in quality at re-encoding, and, again, cameras encode h.264 in hardware, so they'd have brand-new h.264 videos for which the quality would instantly drop.

I also wouldn't be terribly surprised if H.264 deals with re-encoding H.264 videos better than Theora does.

At the worst, they can offer a lower-quality version, the way they do now with Flash Video.

Is that really what you're suggesting -- that we should use Theora and HTML5 only for lower-quality versions? I'm not sure I understand what you're saying here.

It's GIF all over again

Regarding that article, why compare Vorbis to MP3? There's AAC -- compare those. There's also the mention of On2, which has now become WebM, which was my point in saying that only Theora might be open -- WebM is patented, and may be infringing patents.

A few things to remember about GIF:

First, PNG still hasn't replaced it. You still can't do animated PNG -- there are two competing proposals for how to do it, neither of which have universal browser support. Hell, it's only recently that transparent PNG was properly supported in IE.

Second, there hasn't really been anything that's replaced gif, png, or jpeg in each of their respective areas. The relevant GIF patents have expired, and if jpeg hasn't, it will soon. The problem is that video is a lot more bandwidth, and is still an area of active research. Any codec we choose today is likely to be obsolete eventually, so we should be looking at what the next codecs are. If they don't become obsolete, the patents will expire, and when that happens, I'd be much happier with higher quality from h.264.

Finally, aside from animations, PNG actually did beat GIF. It was better at absolutely everything else than GIF was. The same is true of gzip vs compress, and seems to be true today with lzma (or 7zip) vs rar, at least for files which need to be compressed at all. Theora is worse than H.264 -- the anti-FUD article you linked to says so. I'm not sure how vorbis compares to AAC, but AAC isn't even the latest and greatest -- I just use FLAC.

I don't have a solution. What I would like to see is a genuinely better codec emerge, which is actually free -- and I suspect Google would support such a format. But Theora isn't it.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33252934)

How many of those websites jumped out of the Internet, grabbed your browser, and forced you to visit them?

And who actually consented to a massive, collusive information gathering program? People are just browsing normally for other reasons, not to be spied on. They have to go out of their way to avoid this spying. That's why it's opt-out, and not opt-in.

They have publicly fought government requests for information.

Very well, but they could always lose in such a suit.

And how do you know what procedures they have in place to prevent this situation? This isn't Facebook, where that sort of thing actually happens.

Whatever procedures they have in place, the possibility is there. And how do you know it doesn't actually happen at Google? How many years was Facebook around before you heard about data breaches? And what about China's successful hacks into Google? The data is there, it's a risk because they collect it. You're asking for trust against governments, employees, hackers, and future business decisions.

I'm not an encoding expert, but the comparison you link to actually favors H.264

Why don't you quote the rest of the paragraph?

"However, the difference is not especially great. I expect that most casual users would be unlikely to express a preference or complain about quality if one was substituted for another and I've had several people perform a casual comparison of the files and express indifference. Since Theora+Vorbis is providing such comparable results, I think I can confidently state that reports of the internet's impending demise are greatly exaggerated."

Did you look at the comparisons yourself? Do you think the quality difference is that big of a deal? YouTube had shit quality videos for years. Theora isn't shit quality. It's comparable to H.264.

Is that really what you're suggesting -- that we should use Theora and HTML5 only for lower-quality versions? I'm not sure I understand what you're saying here.

I'm saying they should offer a low-quality version if they don't want to re-encode something that's in H.264. Of course, I'd rather they support Theora at high resolutions too. The point is it should never be a requirement that you have H.264.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33255242)

And who actually consented to a massive, collusive information gathering program?

You did, with every website you visited -- though I have to wonder where you get "collusive" from.

People are just browsing normally for other reasons, not to be spied on.

And people are just typing into Facebook for other reasons, not to be spied on. It's still entirely your choice to play or not to play.

They have to go out of their way to avoid this spying.

Connecting to any given website is already your action -- you're already going "out of your way".

Very well, but they could always lose in such a suit.

Yes, they could, but I think it kills your "They are evil" argument. It certainly kills any comparison with Big Brother, when they actively fight the government.

Whatever procedures they have in place, the possibility is there.

In the same way that, say, the possibility is there for employees of a major CA to forge the certificates they'd need for massive MITM attacks. It might be worth investigating what's been put into place to ensure this doesn't happen.

How many years was Facebook around before you heard about data breaches?

Facebook was just some random website, without a particularly good "privacy policy", or particularly good security. I wouldn't need to hear about a data breach to know not to trust them with anything I care about.

You're asking for trust against governments, employees, hackers, and future business decisions.

And again... Trust with what?

For one thing, does Google know more about you than your ISP? Who do you trust more with that data? I've never seen my ISP fight a court battle on my behalf -- indeed, their policies say specifically that they will do nothing to protect me, that they will cooperate with law enforcement, etc.

Why don't you quote the rest of the paragraph?

Let's see...

However, the difference is not especially great.

So what? YouTube should deliberately drop quality? Or they should pay, again, large amounts more money on bandwidth, storage, transcoding, and CDN storage/bandwidth?

I expect that most casual users would be unlikely to express a preference or complain about quality if one was substituted for another...

And this was taken from an uncompressed, rendered source. As I said:

They also have a huge library of h.264 videos which would suffer a drop in quality at re-encoding, and, again, cameras encode h.264 in hardware, so they'd have brand-new h.264 videos for which the quality would instantly drop.

Do you have a comparison of H.264 videos re-encoded in Theora?

And that's assuming that they were actually equal, actually comparable. This is probably the most favorable comparison I've seen of Theora to H.264, and H.264 still comes out ahead.

I'm saying...

I asked a yes or no question. Whatever you're saying, it isn't yes or no, and I can't derive a yes or no from it. The critical point:

Are you suggesting that Theora and HTML5 should be the only option at whatever "lower quality" level they're used?

If so, that's a lot of browsers (new and old) which can't play them, and you can't wrap them in Flash to help those browsers out.

If not, you're suggesting that there be two completely separate encodings at a given resolution/quality, just so one of them can be Theora. That's a lot of money.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33256702)

You did, with every website you visited -- though I have to wonder where you get "collusive" from.

A huge number of 3rd party sites agree to give Google data on your browsing habits. People are just trying to live their lives normally -- the web is just part of the basic infrastructure. Web sites don't prominently display their data collection activities. Most people are not technical and don't understand stuff like Google Analytics. This is a massive, data sharing program without informed consent, and Google is the ring-leader.

Yes, they could, but I think it kills your "They are evil" argument. It certainly kills any comparison with Big Brother, when they actively fight the government.

They're evil for collecting all this information where it can be misused. The Big Brother comparison is in regards to the scope of information collecting. By the way, I'm pretty sure when Google is presented with a warrant they serve it. I have to wonder what they do or have done when presented with a National Security Letter, as you're not even allowed to talk about them.

For one thing, does Google know more about you than your ISP?

It depends on what kind of logs they maintain. You're certainly right the ISP is an even bigger threat than Google, but that doesn't mean Google should collect all this information. They also pose some unique threats -- see YouTube vs Viacom, for instance, where Viacom was seeking the logs to look for evidence of copyright infringement.

So what? YouTube should deliberately drop quality? Or they should pay, again, large amounts more money on bandwidth, storage, transcoding, and CDN storage/bandwidth?

If the quality drop is insignificant, and it means an open format for the web, something which Google likes to say they support, then yes. As for the transcoding, they already do it now to serve lower quality videos.

Do you have a comparison of H.264 videos re-encoded in Theora?

Nope, but this was independent research to counter unsubstantiated and ludicrous claims by a Google employee on a standards working group. Do you have a comparison?

Are you suggesting that Theora and HTML5 should be the only option at whatever "lower quality" level they're used?

Yes, at the lower levels if Google won't re-encode H.264 at high-definition.

If so, that's a lot of browsers (new and old) which can't play them, and you can't wrap them in Flash to help those browsers out.

HTML5 and the video tag is new. There's no reason that new browsers which support it shouldn't be able to display Theora.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33257556)

Web sites don't prominently display their data collection activities.

Many have "privacy policies" -- how prominent would be prominent enough?

Most people are not technical

Yes, and whose fault is that? The information they would need is readily available. Alternatives exist.

Maybe I'm being insensitive here, but I'm really sick of the meme that otherwise intelligent people should immediately be assumed to be drooling morons as soon as they're confronted with a computer -- that they need to be protected from themselves. The entire antivirus market currently thrives on this assumption, when the single best way to avoid a virus is to avoid downloading random crap.

Most people are not technical, but most people are not automotive engineers, yet most people manage to avoid driving their cars into trees.

Clearly, the implication here is that most people don't care about security or privacy, at least not enough to educate themselves about the basics -- because, frankly, most people are entirely capable of being at least technical enough to be secure and private.

Personally, I don't care much about privacy -- the few things I am private about, I do take measures to keep private, but it would also not be terribly devastating if the whole world knew. I do care that it should be possible to be private, because I do feel that's a fundamental right -- but it is possible.

The Big Brother comparison is in regards to the scope of information collecting.

Even here, it fails -- I don't have to sneak off into the woods to avoid surveillance, nor is there a hidden camera in a bed and breakfast, recording my illicit affair.

As for the transcoding, they already do it now to serve lower quality videos.

Yes, but only a single version at each quality level, to reach customers they might otherwise not be able to (slower connections).

HTML5 and the video tag is new. There's no reason that new browsers which support it shouldn't be able to display Theora.

I doubt IE will. I know Safari won't -- FUD or not, Apple refuses to touch anything their lawyers haven't told them is OK, patent-wise.

And with that, YouTube loses most of the Internet-browsing population, unless they can convince everyone to install a plugin -- which isn't viable on, say, the iPad, where even if Apple were to allow such a plugin, it wouldn't have a hardware decoder to use.

This would be especially ironic, considering Apple is one of the main reasons people are actually implementing HTML5 video -- to reach iPhone and iPad, where they can't run Flash.

Re:Chromium Browser? (1)

Raenex (947668) | more than 4 years ago | (#33257746)

Many have "privacy policies" -- how prominent would be prominent enough?

You have to visit the site before you can even read the privacy policy. And who wants to read a bunch of legalese just to browse the web?

Maybe I'm being insensitive here

Yes, you are. You think people should have to walk around wearing disguises instead of having a reasonable expectation of privacy. It's as if every business you visited in public decided to identify you and report your whereabouts to a central party. That's fucked up.

I'm really sick of the meme that otherwise intelligent people should immediately be assumed to be drooling morons as soon as they're confronted with a computer

I care about privacy, I'm technically literate, I avoid cookies, and browse with NoScript. However, even I wasn't aware until a year or two ago about Flash cookies. Expecting the average citizen to keep up in a technological arms race to avoid being spied on is unreasonable and makes excuses for those doing the massive information gathering.

I doubt IE will. I know Safari won't -- FUD or not, Apple refuses to touch anything their lawyers haven't told them is OK, patent-wise.

Then fuck 'em. Visitors using those browsers can get the old Flash version. YouTube is big enough that they can dictate the terms here. When people start switching browsers watch how fast IE and Safari turn around.

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33245740)

Chromium also doesn't auto-update, decode H264 (as you mentioned), update Flash, or include Google's PDF implementation. Not a deal-breaker, but without those features I would go back to Firefox.

Re:Chromium Browser? (1)

bhcompy (1877290) | more than 4 years ago | (#33246278)

Realistically, you should be using Firefox anyways since Chrome doesn't support the hooks that NoScript needs to work, and NoScript is required (imho) for any power user (which everyone on Slashdot should be, or used to be). As far as the rest, there are ways available to put native PDF/flash support in Chromium, support H264, and update. The benefits of open source.

Re:Chromium Browser? (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33247530)

Chrome doesn't support the hooks that NoScript needs to work,

Which hooks would those be? In particular, if Adblock Plus can work, why can't NoScript?

NoScript is required(imho) for any power user(which everyone on Slashdot should be, or used to be).

No thanks, I'd much rather have a blacklist than a whitelist, for several reasons. One is that I like to be aware of the kind of crap each website is offering to the layman -- for example, I try to avoid websites that use Kontera and the like, rather than trying to make them tolerable.

Another is that when scripting is enabled, a site can progressively enhance itself to actually improve the experience. As I understand it, the NoScript theory is that I can selectively enable scripting on sites that need it to work -- but how would I know a site would work better with scripting enabled, if I don't first view it with scripting enabled? If the scripts are a problem, that's what Adblock is for.

As for my power user credentials, when I first set up Gentoo, it took at least a week, likely longer, until I had a working GUI. During this time, I used GPM and Lynx. I'm still generally not happy if a website doesn't work with Lynx, and I have used Lynx occasionally since.

But that doesn't mean I'm going to, say, surf with images off until I think I need them. I'd much rather give the website the benefit of the doubt.

Re:Chromium Browser? (1)

foniksonik (573572) | more than 4 years ago | (#33247848)

Hmm sorry, don't need noscript. I have a good hosts file. Pretty sure that trumps your power user argument and lets me use any browser I want.

Erm, what? (4, Informative)

SanityInAnarchy (655584) | more than 4 years ago | (#33245614)

Chromium is the open source version that Chrome, the proprietary browser, is built on. (Basically, they take Chromium, add codecs they can't legally include in Chromium, maybe a little branding, and release it as Chrome.)

The same is true of the OS -- the only reason it's "Chromium OS" is that the actual "Chrome OS" hasn't been released yet, because the community version isn't done yet.

Re:Erm, what? (1)

Flea of Pain (1577213) | more than 4 years ago | (#33245968)

I see. Thank you very much. I was unaware of this distinction and have learned something new today! Please mod parent informative.

Should be in the OS not the browser (1)

goombah99 (560566) | more than 4 years ago | (#33247752)

It makes very little sense to sandbox the application. Sandboxing should be delegated from the application to the OS. I note that Mac OS X has this built into the OS, but only a few applications like xgrid actually use it. The good news is that apps don't need to be sandbox aware to be sandboxed after the fact. I saw on mac osxhints where someone wrote a sandbox config file for firefox that forces firefox to run with reduced privileges and disk access.

Re:Should be in the OS not the browser (1)

SanityInAnarchy (655584) | more than 4 years ago | (#33248182)

sandboxing should be delegated from the application to the OS.

Ideally, yes, but modern OSes (excluding Chromium OS, maybe) don't always provide sufficient sandboxing, and they do it in different ways. This would be both additional security where it's needed (as well as ways for communicating in and out of the sandbox), and, hopefully, support for whatever native sandboxing options are available (it kind of needs those anyway -- Chrome already uses a chroot jail, I think).

But what does any of that have to do with what I wrote?

Re:Chromium Browser? (0)

Anonymous Coward | more than 4 years ago | (#33247342)

Chromium is not quite the same as Chrome:

http://en.wikipedia.org/wiki/Chromium_(web_browser)

Similarities with FreeBSD's jail... (1)

toejam13 (958243) | more than 4 years ago | (#33245132)

They say that they have working code for FreeBSD release-8. It makes me wonder if there is some relationship between Capsicum and FBSD's jails, or if FBSD is just being used because it is an environment of interest with the security/sandboxing community right now.

Re:Similarities with FreeBSD's jail... (1, Informative)

Anonymous Coward | more than 4 years ago | (#33245344)

At least two of the researchers are active in the FreeBSD project (Kris + Robert). Also Robert Watson's pet project has been TrustedBSD MAC extensions to FreeBSD since 5.something.

How timely (1)

Daniel Phillips (238627) | more than 4 years ago | (#33246818)

This may serve well to provide sandboxing for Android in place of Java [arstechnica.com]

Re:How timely (0)

Anonymous Coward | more than 4 years ago | (#33247528)

And it would require massive rewriting of Android components and almost all apps, ruining the current install base Android has built up. SMRT.

Re:How timely (1)

Daniel Phillips (238627) | more than 4 years ago | (#33247710)

And it would require massive rewriting of Android components and almost all apps, ruining the current install base Android has built up.

Nonsense. Current apps would continue to work just fine and anybody who wants to take the risk can just stick with Java.

Re:Similarities with FreeBSD's jail... (0)

Anonymous Coward | more than 4 years ago | (#33247018)

They say that they have working code for FreeBSD release-8. It makes me wonder if there is some relationship between Capsicum and FBSD's jails, or if FBSD is just being used because it is an environment of interest with the security/sandboxing community right now.

Nope. Jails are generally used to separate (say) applications: SMTP in one jail, IMAP in a second.

What this does is allow the IMAP software to fork into different processes, and then one process has to talk with the network so it restricts itself so it can't access the file system at all. The other process limits itself to only access the file system, and can even restrict itself to certain parts (e.g., only /var/mail/), and also makes it so it can't talk to the network. Both could also further restrict themselves such that they can't do any more fork()ing or exec()ing (to prevent exploit code from running if there is a vulnerability).

Basically the programmer determines which CAPABILITIES the program needs, and after basic initialization, tells the OS to restrict it to only those that it needs to function. Then further on, if there's a risky bit of code, a fork() can be done, and the dangerous part can be further restricted.

It's similar to what (say) Apache does: it needs to be "root" to bind() to port 80, but once that's done it starts dropping privileges.

Kinda of misleading. (2, Interesting)

stanlyb (1839382) | more than 4 years ago | (#33245166)

It looks like a user-space extension which you have to use if you want your application to be sandboxed. But what about the malicious applications which don't want to be sandboxed???

Re:Kinda of misleading. (2, Insightful)

xMilkmanDanx (866344) | more than 4 years ago | (#33245224)

The point being sandboxed applications which deal with unknown, insecure content (i.e. the web) can keep said content from affecting anything outside the sandbox.

Re:Kinda of misleading. (2, Funny)

mewsenews (251487) | more than 4 years ago | (#33245918)

The point being sandboxed applications which deal with unknown, insecure content (i.e. the web) can keep said content from affecting anything outside the sandbox.

Until someone comes up with a specially crafted PDF... ;)

Re:Kinda of misleading. (0)

Anonymous Coward | more than 4 years ago | (#33246574)

This is wrong, current sandboxing techniques protect against plugin escape by wrapping their execution in a rights-restricted process. Capsicum should work the same way because of how shared libraries work (I guess, I haven't read most of the details). The main problem is that many proprietary plugins require more privileges than they should need, resulting in extremely weak sandboxing protection to keep them working.

Re:Kinda of misleading. (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#33245802)

... what about the malicious applications which don't want to be sandboxed???

Build a launcher that sandboxes itself and then execs (or whatever) them.

Yesterday (0)

Anonymous Coward | more than 4 years ago | (#33245178)

Was running this Sandbox yesterday.

More crap that won't work (1)

pseudorand (603231) | more than 4 years ago | (#33245236)

Sounds like the permissions you specify for Android apps. That's all fine and dandy for a new platform and we all wish someone had bothered to require least privileges back in the day for our favorite OS, but they didn't. And if they had, it would have been too much work to program for anyway, so something else would have become our favorite OS. So now we have to port all our code to use a new scheme and that's far more work than anyone is willing to do. So we'll remain insecure. Case in point: selinux. Sounds good in principle, but those of us who need to get stuff done don't have time for it.

for fuck's sake (1, Informative)

Anonymous Coward | more than 4 years ago | (#33245278)

"Web browsers have evolved into operating systems"

No, they haven't, calm down.

Re:for fuck's sake (0)

bonch (38532) | more than 4 years ago | (#33245718)

Indeed. "For fuck's sake" really is the best response to that.

Re:for fuck's sake (2, Interesting)

Ungrounded Lightning (62228) | more than 4 years ago | (#33245904)

"Web browsers have evolved into operating systems"

No, they haven't, calm down.

I think he means that they have become application environments, giving access to all the fundamental services of the underlying operating systems, through their own API and security models, with their own set of bugs.

Re:for fuck's sake (1)

diegocg (1680514) | more than 4 years ago | (#33246720)

In other words, they have become a toolkit.

Re:for fuck's sake (0)

Anonymous Coward | more than 4 years ago | (#33246974)

Well, they've turned into an application layer that performs all the tasks of a typical desktop based operating system.

The only difference is that, for now, they sit upon an OS layer.

The idea is that said layer will slowly dissolve into worthlessness, as system use will infrequently require anything outside of the 'browser' (using browser very loosely here).

Academic Foolishness (3, Informative)

Roguelazer (606927) | more than 4 years ago | (#33245406)

These are major and invasive changes to POSIX. No reasonable person would expect to be able to do things like change PID semantics or shared memory. Yes, it might solve the problem that they sought to solve. But I would be very surprised to see this meet with any large-scale deployment. It's better to work with the system than to just arbitrarily decide Unix is wrong and rewrite it.

Re:Academic Foolishness (5, Insightful)

Anonymous Coward | more than 4 years ago | (#33245558)

I presume that you didn't actually read the API man pages. The interface follows squarely in the footsteps of the Unix design philosophy. No PID semantics are being changed, either. They've introduced process descriptors which, among other things, allow you to poll for process exit. They allow you to attach restrictions to descriptors, presumably so that a broker could open resources (files, sockets), restrict the allowable operations, and then pass them to sandboxed applications over a domain socket. It's all quite simple and powerful and exactly what I would love to see incorporated into POSIX.
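The broker pattern described in the comment above, together with the fork-and-restrict split described in the earlier jails comment, as an added example that is not from the thread or from the Capsicum project. The Capsicum calls are FreeBSD's present-day cap_enter() and cap_rights_limit() and compile only on FreeBSD; on other systems only the descriptor passing runs and nothing is denied. The names pass_fd, worker, run_demo and struct report are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_enter(), cap_rights_limit() */
#endif
#define SAMPLE "constructed sample\n"   /* constructed test data, 19 bytes */
struct report { int sandboxed, bytes_read, write_denied, open_denied; }; /* seen by worker */

/* Send (sending=1) or receive (sending=0) one descriptor as SCM_RIGHTS data. */
static int pass_fd(int sock, int *fd, int sending)
{
    char byte = 0;
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    memset(&ctl, 0, sizeof ctl);
    if (sending) {
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), fd, sizeof(int));
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    c = CMSG_FIRSTHDR(&msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -1;
    memcpy(fd, CMSG_DATA(c), sizeof(int));
    return 0;
}

/* Worker: sandbox first, then use only what the broker delegates. */
static void worker(int sock, const char *path)
{
    struct report r = { 0, -1, 0, 0 };
    char buf[64];
    int fd = -1;
#ifdef __FreeBSD__
    r.sandboxed = (cap_enter() == 0);   /* global namespaces now off limits */
#endif
    if (pass_fd(sock, &fd, 0) != 0)
        _exit(1);
    r.bytes_read = (int)read(fd, buf, sizeof buf);   /* allowed by CAP_READ */
    r.write_denied = write(fd, "x", 1) < 0;          /* would need CAP_WRITE */
    r.open_denied = open(path, O_RDONLY) < 0;        /* by-path lookup */
    _exit(write(sock, &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
}

/* Broker: open the resource, narrow its rights, hand it to the worker. */
struct report run_demo(void)
{
    struct report r = { 0, -1, 0, 0 };
    char path[] = "/tmp/capdemo.XXXXXX";
    int sv[2], fd = mkstemp(path);            /* mkstemp opens O_RDWR */
    if (fd < 0)
        return r;
    if (write(fd, SAMPLE, strlen(SAMPLE)) < 0 || lseek(fd, 0, SEEK_SET) != 0)
        goto out;
#ifdef __FreeBSD__
    cap_rights_t rights;                      /* delegate read() only */
    if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_READ)) != 0)
        goto out;
#endif
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        goto out;
    pid_t pid = fork();
    if (pid == 0) {
        close(sv[0]);
        close(fd);     /* drop the inherited copy; access must be delegated */
        worker(sv[1], path);
    }
    close(sv[1]);
    if (pid < 0 || pass_fd(sv[0], &fd, 1) != 0 ||
        read(sv[0], &r, sizeof r) != (ssize_t)sizeof r)
        r.bytes_read = -1;
    close(sv[0]);      /* also unblocks the worker if delegation failed */
    if (pid > 0)
        waitpid(pid, NULL, 0);
out:
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct report r = run_demo();
    printf("sandboxed=%d read=%d write_denied=%d open_denied=%d\n",
           r.sandboxed, r.bytes_read, r.write_denied, r.open_denied);
    return r.bytes_read < 0;
}
```

In every case the worker reads the file only through the descriptor it was handed; where capability mode is entered, opening the same file by path and writing through the read-only capability are both refused.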

Re:Academic Foolishness (5, Insightful)

IamTheRealMike (537420) | more than 4 years ago | (#33245564)

Both Android and ChromeOS are based on UNIX but neither expose POSIX as an API, so researching ways to change for the better seems like a good use of time.

Re:Academic Foolishness (0)

Anonymous Coward | more than 4 years ago | (#33248588)

Both Android and ChromeOS are based on UNIX but neither expose POSIX as an API, so researching ways to change for the better seems like a good use of time.

But Android and ChromeOS are implemented using POSIX, so they will be able to use Capsicum in their implementation -- and Google can provide new Android APIs based on Capsicum.

Re:Academic Foolishness (1)

mcrbids (148650) | more than 4 years ago | (#33245594)

These are major and invasive changes to POSIX. No reasonable person would expect to be able to do things like change PID semantics or shared memory.

I don't think that they are expecting people to wholeheartedly change the 30+ year old POSIX API and adopt their new developments. This is research, remember? These are students who are exploring new ways to improve security and address problems with the POSIX API. It's there, we can adopt what we want, and in the meantime, students learn examples of how to write secure application development environments.

Re:Academic Foolishness (1, Interesting)

Anonymous Coward | more than 4 years ago | (#33247292)

These are major and invasive changes to POSIX

No, they're not. They are additions to the current security model.

An OS that has this functionality looks and acts exactly like a POSIX OS. It's up to the application program to call the appropriate APIs as necessary to properly sandbox things (and some parts of each app will potentially be sandboxed differently than other parts).

One of the researchers involved is Robert Watson who has heavily been involved in FreeBSD for many, many years. Knowing that he's doing this reassures me that this is well thought out and designed.

It's better to work with the system than to just arbitrarily decide Unix is wrong and rewrite it.

You're right, which is why this project didn't rewrite Unix--they added some APIs and libraries to the ones already there.

Adding ten lines of code to tcpdump, and having it not be exploitable anymore? Adding only 100 codes to a web browser, and not having to worry about zero-days from now on? Hardly foolishness.

Browsers Interact Directly with Hardware? (1, Insightful)

iamhigh (1252742) | more than 4 years ago | (#33245572)

Web browsers have evolved into operating systems unto themselves

Really? I am unaware of a (common) browser that is able to do much more than work with data...

Let's try to leave the analogies used to educate luddites out of summaries intended for people that *KNOW* the difference between an OS and an application.

Re:Browsers Interact Directly with Hardware? (1)

blueg3 (192743) | more than 4 years ago | (#33245756)

Ever since that pesky von Neumann fellow, all any computer has done is work with data.

Re:Browsers Interact Directly with Hardware? (2, Interesting)

fluffy99 (870997) | more than 4 years ago | (#33246104)

Web browsers have evolved into operating systems unto themselves

Really? I am unaware of a (common) browser that is able to do much more than work with data...

Let's try to leave the analogies used to educate luddites out of summaries intended for people that *KNOW* the difference between an OS and an application.

There are certainly many companies out there that want your OS to be nothing more than a web browser. That way they can sell software as a service. For things like Google Gmail, Google Calendar, Google Docs, etc. Microsoft is slowly moving in that direction as well. It's much more profitable to sell based on usage or per month, rather than selling you a perpetual license. Many businesses are moving towards the desktop being little more than a terminal with the applications actually running on a centrally managed Terminal/Application/Web server.

Re:Browsers Interact Directly with Hardware? (1)

xMilkmanDanx (866344) | more than 4 years ago | (#33246138)

Given virtualization as a concept no longer ties an OS to hardware interaction, browsers that can provide an increasingly powerful application framework are not that much removed from being an operating system. Firefox is capable of everything the old 8bit OS's were capable of and more. That is, other than provide direct hardware access.

So... (1)

lbalbalba (526209) | more than 4 years ago | (#33245722)

... When will we see implementations of this in Linux, *BSD, and, even, commercial Unix flavors?

Re:So... (1)

micheas (231635) | more than 4 years ago | (#33249822)

... When will we see implementations of this in Linux, *BSD, and, even, commercial Unix flavors?

I believe you can patch FreeBSD 9 (current) to use this. Check the FreeBSD security mailing list for a link to the patches.

Because their middle name is security (2, Insightful)

wowbagger (69688) | more than 4 years ago | (#33245744)

Y'know, I'm really glad Google wants to provide a new API for managing security. We need somebody to do this for us - somebody who really knows security, somebody who may as well have security as their middle name [nsa.gov], to come out with an API framework for Mandatory Access Controls [nsa.gov], preferably built right into the operating system kernel of a [fedoraproject.org] major [debian.org] distribution [gentoo.org].

Yes, I'm really glad Google took the initiative on this.

Dang. I just commented and can't mod you up now. (0, Offtopic)

Ungrounded Lightning (62228) | more than 4 years ago | (#33246088)

Which is just as well, since I was torn between Informative and Funny. B-)

Re:Because their middle name is security (0)

Anonymous Coward | more than 4 years ago | (#33246678)

SELinux is too complex. Nobody understands it. This is also the opinion of many high profile Linux kernel hackers.

Re:Because their middle name is security (3, Informative)

Anonymous Coward | more than 4 years ago | (#33246682)

I know it's /. and all, but a little effort to read the paper would be nice. Or even, a stop at pretending SELinux is the solution to everything, because that was never its aim (or achievement).

5 Comparison of sandboxing technologies

We now compare Capsicum to existing sandbox mechanisms. Chromium provides an ideal context for this comparison, as it employs six sandboxing technologies (see Figure 12). Of these, the two are DAC-based, two MAC-based and two capability-based. ...

5.4 SELinux

Chromium’s MAC approach on Linux uses an SELinux Type Enforcement policy [12]. SELinux can be used for very fine-grained rights assignment, but in practice, broad rights are conferred because fine-grained Type Enforcement policies are difficult to write and maintain. The requirement that an administrator be involved in defining new policy and applying new types to the filesystem is a significant inflexibility: application policies cannot adapt dynamically, as system privilege is required to reformulate policy and relabel objects.

The Fedora reference policy for Chromium creates a single SELinux dynamic domain, chrome_sandbox_t, which is shared by all sandboxes, risking potential interference between sandboxes. This domain is assigned broad rights, such as the ability to read all files in /etc and access to the terminal device. These broad policies are easier to craft than fine-grained ones, reducing the impact of the dual-coding problem, but are much less effective, allowing leakage between sandboxes and broad access to resources outside of the sandbox.

In contrast, Capsicum eliminates dual-coding by combining security policy with code in the application. This approach has benefits and drawbacks: while bugs can’t arise due to potential inconsistency between policy and code, there is no longer an easily accessible specification of policy to which static analysis can be applied. This reinforces our belief that systems such as Type Enforcement and Capsicum are potentially complementary, serving differing niches in system security.

Re:Because their middle name is security (3, Informative)

wowbagger (69688) | more than 4 years ago | (#33246928)

Normally I don't even bother to read ACs, let alone respond to them, but in your case I'll make an exception since you are actually trying to make a cogent point.

Security IS complex - that is why it is better to get it right in ONE place than getting it WRONG many places. Had the researchers put the effort into defining a meaningful set of security contexts within SELinux - contexts that could be used for the WHOLE SYSTEM - they could have not only secured the browser, but everything else. Instead, they took a Barbie-Doll "Security is HARD" approach, and only secured ONE application.

The faults raised in the paper were not with SELinux itself, but rather with a specific implementation of a security policy, created by one vendor, which USES the SELinux framework.

Personally, I'd rather see a set of security contexts and attributes:
internet_tainted_file: this object (file) was created by a program which has accessed the Internet (more precisely, any network address not marked as trusted).
sensitive-file: an object (file) that may NEVER be accessed by an internet-tainted-program (see below)

non-internet-program - a program has no need to open ports outside the local network or access internet_tainted files.
internet-program: a program which MAY access the internet, but has not yet done so.
sensitive-tainted-program: a program which has accessed a sensitive-file, and thus may NEVER access the Internet. An internet-program may transition to the sensitive-tainted-program state by accessing a sensitive-file object.
internet-tainted-program: a program which has accessed the Internet, or accessed an internet_tainted_file.

That way, programs that have no need of frobbing the Internet (e.g. gedit) CANNOT access it. Programs that have touched sensitive files (e.g. /etc/shadow) likewise can NEVER touch the 'Net. Programs that have touched the 'Net can NEVER access sensitive files.

That's just the tip of the iceberg - but getting a proper set of security contexts can not only protect the browser, but EVERY program on the system.

And that is why I raised this point: all Google is securing is their own stuff (and only to the extent a malicious exploit cannot work around their solution, which is code in the application), rather than contributing to the greater security of the whole system.

Re:Because their middle name is security (0)

Anonymous Coward | more than 4 years ago | (#33248278)

Right. They're securing one program, rather than trying to secure everyone else, which in practice would result in zero programs being secured. There have been other people trying to get changes happen. People just don't care. Who knows, maybe this will actually get some people to realize it's possible to do that and get it more widely adopted.

Re:Because their middle name is security (1, Informative)

Anonymous Coward | more than 4 years ago | (#33251344)

At the USENIX talk, the authors explained that one of the flaws in SELinux, not just Chromium's use of it, was the need to enumerate all sandbox domains statically in a policy file. The approach used in Chromium, and that you describe, allows different web sites to attack each other when rendered in the same browser, since they're not protected from each other. Capsicum allows applications such as Chromium to create as many sandboxes as they need dynamically. They also repeatedly said during the talk that capabilities complement, rather than replace, SELinux.

Re:Because their middle name is security (0)

Anonymous Coward | more than 4 years ago | (#33247140)

Yes, I'm really glad Google took the initiative on this.

Robert Watson, one of the researchers involved, already knows about MAC—he wrote an implementation from scratch for FreeBSD. It's not enough, and very intrusive to the user. MAC is also a sys admin-level configuration item, and overkill for many people (e.g., my sister's laptop) and hard to manage.

This system is something that is orthogonal to MAC (and DAC): it can be used either on its own, or in addition to MAC/DAC. Check out page 23 of the USENIX slides to see what each of these systems is capable of (and how many lines of code are needed to take advantage of each of them in Chromium):

http://www.cl.cam.ac.uk/research/security/capsicum/slides/20100811-usenix-capsicum.pdf

BTW, Ross Anderson (the author of "Security Engineering") is part of the same research group. Personally, I think Google teamed up with the right folks.

Re:Because their middle name is security (0)

Anonymous Coward | more than 4 years ago | (#33247194)

Let's see how much SELinux helps you with that next kernel exploit that Tavis finds.

Wunderbar emporium ring a bell?

http://www.youtube.com/watch?v=arAfIp7YzZ4

Security innovation (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33245926)

... there's been quite a bit of innovation on Windows security ...

What? There has? Do you mean the way it now asks me 'Are you sure you want to give this application a chance to destroy your computer? Y/N' and if I say 'No' I can't use the application?
I mean, if I really want to run that application I have no choice but to click 'Yes' and then if it was a virus after all I'm screwed.
What I'd want is a way to have more control over the program. Maybe put it in a sandbox and trick it into thinking it's got full privileges even though it's really sandboxed so it won't crash or maybe just set advanced settings for that specific application to disallow it from writing to specific registry/files/network/other process' memory.

Re:Security innovation (2, Insightful)

Thundersnatch (671481) | more than 4 years ago | (#33246462)

What I'd want is a way to have more control over the program. Maybe put it in a sandbox and trick it into thinking it's got full privileges even though it's really sandboxed so it won't crash or maybe just set advanced settings for that specific application to disallow it from writing to specific registry/files/network/other process' memory.

Which is... umm... pretty much exactly what Windows Vista, Windows 7, and Windows Server 2008 can do.

Re:Security innovation (1, Interesting)

Anonymous Coward | more than 4 years ago | (#33246496)

Which is... umm... pretty much exactly what Windows Vista, Windows 7, and Windows Server 2008 can do.

How? I've never got anything else except the choice to run an application or not run an application. Which is a choice I've usually already made before I run it.

Re:Security innovation (3, Informative)

Anonymous Coward | more than 4 years ago | (#33247072)

He's referring to low integrity processes [microsoft.com]. It's only really exposed in the Windows API. But you can start a low-integrity process two ways AFAIK:

1. Modify the image header [microsoft.com]:

icacls notepad.exe /setintegritylevel low

It will always start with the new privileges set from now on.

2. Do

runas /trustlevel:0x10000 notepad.exe

to start it at whim with low privileges.

Here's a screen capture of what happens to the latter when you try to access the user's desktop: http://i38.tinypic.com/wbs1vo.png [tinypic.com].

Can't we just get this over with? (1)

jthill (303417) | more than 4 years ago | (#33247516)

It's too much to ask of IE, though if they did a good job it would reset the bar for awesome, but won't the other major browsers just break down and host an embedded emacs?

Re:Can't we just get this over with? (1)

cbhacking (979169) | more than 4 years ago | (#33247622)

Dammit, now I'm feeling bizarrely tempted to write an IE plugin that contains emacs. I have no idea why I'd want to do this; I don't even really like emacs. The idea is truly bizarrely compelling, though.

Their past work (0)

Anonymous Coward | more than 4 years ago | (#33248454)

That's Robert Watson of the FreeBSD project who designed the DARPA-sponsored TrustedBSD security framework used in the iPhone, Ben Laurie who wrote OpenSSL and parts of Apache, and Kris Kennaway who worked on FreeBSD 7 SMP performance. Secure, powerful, and fast?
