Page 2 of 13 FirstFirst 123412 ... LastLast
Results 11 to 20 of 122

Thread: There is a scary discussion on the Ubuntu Developers mail list.

  1. #11
    Join Date
    Feb 2007
    Location
    In my chair
    Beans
    1,485

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    You can't without taking away every method they could use to install new software. Ubuntu can't whitelist every 3rd party package that a user might want to install.
    Currently favorite songs:
    Miss Hyde, This Song Is About Monsters, Masagin, I Will Try to Blow it Out, La Resistance
    Visit www.cherrypeel.com for more free indie music =)

  2. #12
    Join Date
    May 2007
    Location
    Canada!
    Beans
    1,709
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    Perhaps there can be 2 modes to set the OS into in the Administration menu. You could change it yourself, or the admin could lock it down, but what it does is you get 2 modes - "normal", and "safe". For most users, they would set it to normal (how Ubuntu is now), and for very "computer-'unknowledgeable'" users, they, or the admin, could switch it to "safe" for their account, and it would block EVERYTHING that didn't com from the repositories or the updates - and adding repositories would be blocked.

    You could just not give them the root password, but sometimes you have to, and some settings and stuff the user should be allowed to change needs it...

    Just an ideae

  3. #13
    Join Date
    Apr 2007
    Location
    An Aperture Science Lab
    Beans
    1,287

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    Quote Originally Posted by ryanVickers View Post
    Perhaps there can be 2 modes to set the OS into in the Administration menu. You could change it yourself, or the admin could lock it down, but what it does is you get 2 modes - "normal", and "safe". For most users, they would set it to normal (how Ubuntu is now), and for very "computer-'unknowledgeable'" users, they, or the admin, could switch it to "safe" for their account, and it would block EVERYTHING that didn't com from the repositories or the updates - and adding repositories would be blocked.

    You could just not give them the root password, but sometimes you have to, and some settings and stuff the user should be allowed to change needs it...

    Just an ideae
    I think thats a good idea. There would be a smart user system a root account and a user account ... the user would need to ask for a time activated root pass that would be only good e.g an hour but it's only good for something like changing a setting.

    If they block all 3rd party software they should also make an easy to use repo screening system. So a developer has made some software for Ubuntu he submits it to the Ubuntu screening team to check it for something that might harm a pc and if the software passes it would go into the Ubuntu repository 3rd party software only section. But it needs to easy so that people aren't scared away from using it or not writing software at all.
    I reject your reality and substitute my own.

  4. #14
    Join Date
    Mar 2006
    Location
    cyberspace
    Beans
    6,198
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    What everyone seems to be missing is that any ideas they have here will never be seen by the Ubuntu developers. Who have a history of not listening to users and doing exactly what they want. Try posting to that mail list and you will see what I mean.
    I also see that this is something that effects the whole Ubuntu community. I am going to ask that it be moved to another part of the forum.
    I trust Microsoft as far as I could comfortably spit a dead rat

    I'm in my third year at a Lutheran seminary!

  5. #15
    Join Date
    Oct 2005
    Location
    Portland, Oregon USA
    Beans
    4,022

    Red face Re: There is a scary discussion on the Ubuntu Developers mail list.

    Quote Originally Posted by Kilz View Post
    I happened to be cleaning out my email box for the Ubuntu developers list. What I found may send shivers up your spine.

    http://www.opensubscriber.com/messag...m/7673369.html

    This is a discussion on how to make it difficult for users to install 3rd party applications under the guise that some may be malware. That the developers know more than users what is safe or wanted on a their computers. This sounds more like it came from Microsoft.
    Am I reading this correctly?
    Quote Originally Posted by peitschie View Post
    Wow... I feel like I'm on slashdot.... umm rtfa?

    Yes, the article is broaching the idea of restricting installation of software. And is discussing how software can be "controlled" for the deliberate purpose of eliminating malware and other such baddies (a good goal). It is important to note though, that the author of the so called "scary letter" realises these points. To quote:


    I have had to clean up so many malware infested windows machines... I would dream of chains of trust to help my job! This is something that needs to be examined, because not everyone is a power-n3rd who can distinguish between cool eye candy ("yay compiz repos!") and a keylogger hidden in a music player ("umm.. Amaroque2?"). If we don't discuss OS defense, we leave the door open to virus makers, malware creators and all other kinds of malicious people.

    Stop being so dramatic and lets actually get positively involved in the discussion. How do we protect ubuntu, and protect our unexperienced brethren from those who wish to harm them?
    Interesting post, but honestly nothing to worry about. You could always just use Debian or simply build your own Ubuntu derivative both of which are very, very easy to do.

  6. #16
    Join Date
    Oct 2006
    Beans
    4,619
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    That whole idea is just ridiculous! Sounds like they want to go back to the Linux of 1995.
    I really hope that doesn't happen.
    Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
    AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 2 X 1TB, 1 X 3TB HDD
    Please don't request support via PM


  7. #17
    Join Date
    Dec 2005
    Location
    Tucson, Arizona
    Beans
    Hidden!
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    this sounds liek teh scare that the kernel developers were going to make it so no restricted modules could be in the kernel, and gave everyone like 6 months to adapt before they forcefully reject any restricted modules (or something along those lines)

    these people arnt stupid, im confident they will make a good decision
    Jabber: markgrandi[at]gmail.com

  8. #18
    Join Date
    Jan 2005
    Beans
    Hidden!

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    Quote Originally Posted by Kilz View Post
    What everyone seems to be missing is that any ideas they have here will never be seen by the Ubuntu developers. Who have a history of not listening to users and doing exactly what they want. Try posting to that mail list and you will see what I mean.
    I also see that this is something that effects the whole Ubuntu community. I am going to ask that it be moved to another part of the forum.
    What everyone is missing is that there are no nefarious intentions here.

    And this crap about Ubuntu developers "history of not listening to users" is pure and utter nonsense.

    As someone who has had the privilege of moving from user to developer I can say in all honestly the users (which they are also and everyone forgets) are first on their minds. Go to a UDS. The are free for anyone to come and participate in and will show you how important we all are.

    People ask for alot of impossible things that simply can't be done.

    This was probably a mistake posting because alot of people on the board now a days rather hold on to and feed the crappy FUD and rumor but oh well.

    Everyone wants to complain. If you don't like it actually get off your duff and do something about it or use another distro.

    ***MMA shakes head.

    Kilz - This isnt aimed directly at you, more this general attitude that to me is all too common on these forums lately.
    Last edited by MetalMusicAddict; September 29th, 2007 at 07:01 PM.

  9. #19
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: There is a scary discussion on the Ubuntu Developers mail list.

    What's the big deal? I guess some people didn't read the whole thing:
    What is of course also necessary is an ability for power users to
    specify additional third-parties without any blessing from Ubuntu.

    However *this facility must not to be accessible to naive users*.

    In particular, it *must not be possible* for a third party to invoke
    such a UI via eg a website, incoming email, video file, or whatever.


    We can't stop third parties writing on their website

    "Now go to Settings / Advanced / Trusted Software Sources
    and select Add Absolute URL
    and paste in http://malware.example.com/ubuntu/
    say `confirm' to the security warning and enter your pasword"

    or

    "Select Applications / Accessories / Terminal
    In the window type
    sudo apt-add-untrusted-repository --force-security-override http://malware.example.com/ubuntu/
    and type in your password when prompted."

    but even a naive user can be expected to smell a rat there.

    On the other hand if the third party can say

    "Your browser does not support Frobnication.
    [Click here] to install it"

    the user will click and probably say yes to the confirmation question
    and enter their password when prompted. So we have to prevent that.
    If you're a power user (as most of the people who visit the Community Cafe often are), then you can do whatever you want. This is basically extending a Gnome way of thinking: think for the "naive users" and then create a back-end for power users to do other stuff they want to do.

  10. #20
    Join Date
    Oct 2005
    Location
    Portland, Oregon USA
    Beans
    4,022

    Red face Re: There is a scary discussion on the Ubuntu Developers mail list.

    Quote Originally Posted by aysiu View Post
    What's the big deal? I guess some people didn't read the whole thing: If you're a power user (as most of the people who visit the Community Cafe often are), then you can do whatever you want. This is basically extending a Gnome way of thinking: think for the "naive users" and then create a back-end for power users to do other stuff they want to do.
    aysiu, I agree that this is no big deal.

    Also Ubuntu users can always use XFCE, KDE, Fluxbox or E17 if they don't agree with GNOME decisions.

Page 2 of 13 FirstFirst 123412 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •