Various safety measures, OS comparisons, multi-boot, Flash b

General discussion about web technology.
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Flash Player sandboxing is coming to Firefox

Post by therube »

(I'm only guessing) on the link you posted above because it is broken ;-).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120517 Firefox/14.0a2 SeaMonkey/2.11a2
Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Flash Player sandboxing is coming to Firefox

Post by Hungry Man »

Weird. That's the second time that's happening.

Either way.... that explanation pretty much covers my view.
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.8 Safari/536.11
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Hungry Man wrote:What I've found is that everyone is an idiot sometimes, just some more often than others. But I agree that it's still useful as a tool in the right hands.
Couldn't have said it better myself, although Tom probably could ;)
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Tom T. wrote:XP has DEP. :ugeek:
Yes it does, you are right and HM just committed an oversight, not a stance on his credibility.
Hungry Man wrote:...it's probably worth noting that DEP is pretty useless without ASLR.
Agreed, pretty useless in general in IMHO.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Not to get technical but also the technology is only as effective as the layer in which it is invoked. By layer I mean OSI. If you have an appliance that filters based on Layer 3/4 technology, it makes the decision based on the flag/header, not the content/data, so you can still fool it. You need to get to Layer 6 and up effectively to do any REAL data analysis and that's exposed to weaknesses of its own that are sometimes introduced by the OS, sometimes by the software itself, and countless other issues (ie. memory allocation attacks including DMA or DDA, etc). Just thought I throw that in there.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

(broken link)
Hungry Man wrote:Weird. That's the second time that's happening.
There is a known phpBB issue with long links being truncated. The cure is to wrap them in URL tags or code tags.

If you would like to buy me a Win 7 machine, I'll be happy to use it and report the results.
Not all of us can afford to buy a new computer or new OS every couple of years.

I understand your point about adding additional layers of defense, bypassable or otherwise. The flip side of that is that larger footprint = larger attack surface.
It's been estimated that on average, there is one flaw in every 1000 lines of code.
Some will be meaningless. Some will create bugs in functionality. Some will be exploitable.

Whichever, larger footprint always brings with it more room for coding flaws. And as my friend Nick P. (who specializes in ultra-high-assurance systems for Gov and corps that need them) has pointed out, here and at Bruce Schneier's blog, it's not just in the libraries themselves, but every communication between processes, libraries, etc. is another possible point of weakness. So the potential vulns climb geometrically.

Bottom line: It's good that MS is trying to increase the cost of attack. It's bad that their systems keep getting more bloated. (7 was an exception, the first MS OS in history to have lower resource requirements than its predecessor, and that goes back to the MS-DOS days.)

Empirically, *in fact*, *in the real world*, the number of severe vulns in XP has indeed declined. I'm not going to go back through all of the security bulletins for the last five years or so, but you're certainly free to do so. I'm also not telling those with Win 7 to go back to XP -- sorry if you got that impression. However, Vista users clearly have been either upgrading or downgrading. A different source of stats from the previous Wikipedia link:

Code: Select all

2012 	Win7 	Vista 	Win2003 	WinXP 	Linux 	Mac 	Mobile
April 	51.3%      4.2% 	0.6% 	27.3% 	4.9% 	9.3% 	1.5% 
Source: http://www.w3schools.com/browsers/browsers_os.asp

Really, we don't disagree on much, except that XP is presently not the Swiss cheese that it was when introduced, nor the Swiss cheese that you seem to be saying it is.

What's noteworthy is that fewer patches are being issued for "all" of the supported client core OSs, and far more for optional components: MS Office, .NET, Win Media Player, etc. Which tells me that the bad guys are finding it cheaper to attack those than to attack the core OS.

And yes, of course I was totally kidding about you hacking me! :D
Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Flash Player sandboxing is coming to Firefox

Post by Hungry Man »

Really, we don't disagree on much, except that XP is presently not the Swiss cheese that it was when introduced, nor the Swiss cheese that you seem to be saying it is.
I suppose so.

I'm not suggesting you buy a new computer or move to Linux. Just saying that it makes sense that Adobe isn't creating the sandbox for XP as it could not be as effective.
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 Safari/536.11
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Tom, if software is EVER your issue, just ask me. I have access to legit copies of just about ANYTHING made out there. 90% of time I know the developers and have access to the software because I help them with it, the other 10% is professional courtesy. On top of that I have access to 100% of bootleg hacks and tweaks of any software too, for those more adventurous. You want something, just ask me.

Now as far as having a machine that can run what you want or asking, then that's a bit more tricky but not by much. I "recycle" hardware that are plenty good that people ditch for a newer unit that are often 10x better than the ones I use for myself, I just spruce them up (memory, drive, this and that) and pass them on to others. So this means that even the hardware I can help you out with, mostly desktop units, but even occasional laptops too.

I thought you knew that but just in case you didn't, here you have it in writing. The worst case scenario, you ask, and I don't have it on me at the time, but eventually you will get it. Now straight up front, I don't do Apple hardware, I fix them for people, upgrade them, so on, but I don't "recycle" or broker them, just not my thing. Software on the other hand, I can help with, although more difficult given the community I hang with despises Apple stuff, but that don't mean they can't get it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ, that's an extremely generous offer. I was mostly kidding about HungryMan buying me a Win 7 machine; the point was that many users, not just myself, have neither the finances nor the desire to buy new machines and/or new OSs frequently. Plus, you're aware of how much time and effort I've put into tweaking this one. ;)

If someday you do have an unneeded laptop with a *validly licensed copy* of Win 7, then of course it would be of interest to play with it, see the differences, etc. And it would help in doing support for those very few cases where an issue is OS version-specific, which is almost never. Some issues are Linux-only or Mac-only (which is why I call you on those), but if it's a NS or Fx issue on Windows, chances are it affects all Win client systems.

("laptop" because I don't have a monitor or a modern mouse; also, not a lot of extra space. Plus most of my work and play is done on the scenic balcony or the living room couch. :D )

But it would still be nice to tell a user that I've confirmed the fix, not only on XP, but on Win 7 also. And academic curiosity. :)

I don't have the time or motivation to start learning Mac from scratch, so no worries there.

I think we've covered this topic pretty thoroughly. Interesting discussion.
Cheers all,
Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Flash Player sandboxing is coming to Firefox

Post by Hungry Man »

I think we've covered this topic pretty thoroughly. Interesting discussion.
I agree.
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 Safari/536.11
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

No problem, noted. Keep in mind, you don't need to have a separate machine for each OS/platform to support it. Say not including your current desktop, if you want to keep all separate, you can easily take say a laptop and put Windows 7 on it, install any version of Linux you want on another partition, and then create a VMWare or VirtualBox or VirtualPC copy of Mac on the windows or linux partition and you got the tool to support all of them. All in one shot. Beauty of virtualization my friend and dual/multi boot. :ugeek: Not to mention the TONS of OS you can install on a bunch of cheap 8 GB thumb drives to have fully functional copy of ANY OS with a label on each thumb drive that says what's inside. I mean the whole investment $40 tops per thumb drive.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:No problem, noted. Keep in mind, you don't need to have a separate machine for each OS/platform to support it. Say not including your current desktop,
I don't own a desktop computer. (See above re: "living room couch and scenic balcony".)
if you want to keep all separate, you can easily take say a laptop and put Windows 7 on it, install any version of Linux you want on another partition, and then create a VMWare or VirtualBox or VirtualPC copy of Mac on the windows or linux partition and you got the tool to support all of them. All in one shot. Beauty of virtualization my friend and dual/multi boot. :ugeek:
On 1.5 GB RAM and 1.6 GHz CPU? ... this machine is from 2005. :uber-poor lol:
Not to mention the TONS of OS you can install on a bunch of cheap 8 GB thumb drives to have fully functional copy of ANY OS with a label on each thumb drive that says what's inside. I mean the whole investment $40 tops per thumb drive.
This MOBO will simply *not* boot from a thumb drive. I've spent hours trying (remember you gave me some tools and tips?) and talking to OEM tech support, who confirmed that it will not; in fact, none of their laptops except for the top of the line, most expensive one will. The MOBO and CPU have to support that, and this one just doesn't, trust me.

IIUC, most desktops will, but laptops are highly variable. Check around for yourself. I wish it would, because that would be faster than booting from the emergency CD, but it won't. Thanks for the offers.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by Thrawn »

@Tom T: Sounds like you need to take up the original offer of a new recycled laptop :)
You can use your pocket-sized XP for general browsing, and try out other operating systems on the new one.
I can recommend Puppy Linux as a rescue system; fits on even a tiny usb, but quite feature-packed.

Could you still try out other boots via cd on your existing one?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

Thrawn wrote:@Tom T: Sounds like you need to take up the original offer of a new recycled laptop :)
I thought I did... ;)
You can use your pocket-sized XP for general browsing, and try out other operating systems on the new one.
I have plenty of HD room for another OS, but IIUC, running a complete VM (as Guard recommended) takes up a lot of resources. IDK what the exact requirements are for "good" performance on one.
I can recommend Puppy Linux as a rescue system; fits on even a tiny usb, but quite feature-packed.
Repeat: USB flash drive will not boot this computer.

I have a DOS boot CD, but the CD made from the FDI-backup program (no free plugs for the brand ;) ) works just fine.

As it happens, this does in fact boot a mini-Linux OS, a bit under 50 MB, all loaded in memory, from which the Restore functions can be accessed.
(Restore individual files, or restore any previous backup image, "painting" the drive to the exact state as when the snapshot was taken).
Could you still try out other boots via cd on your existing one?
If it's a self-contained system, of course. The issue was that the mobo refuses to recognize a *flash drive* as a bootable device, no matter how formatted, etc.
Other USB devices are fine -- external HD, or even a USB external CD/DVD reader or read/write will boot it.

The real issue is that whereas GµårÐïåñ and you make your living in this area, I don't. Avid avocation, but would rather spend whatever hours can be spared to helping out here, rather than spend them learning entirely new OS like Mac and *nix. I wouldn't expect much trouble transitioning to Win 7.
So that was the most appealing offer. :)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

It would be rough to run virtual machines on those specs, but they are not THAT bad, if you were doing dual partition and running Linux outright, you'd be fine. One minute you are in XP, the other you are in Linux depending on how you boot up, you can ignore the VM portion for now, although it can still be done, it would just be a bit draggy and slow.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5 Comodo_Dragon/19.0.3.0
Post Reply