Dynamically Enable Xwindows? - BSD

This is a discussion on Dynamically Enable Xwindows? - BSD ; Igor Sobrado wrote: > jKILLSPAM.schipper@math.uu.nl wrote: > I fully agree with you, Firefox is too large and not all programmers > working on that project are security conscious. It will never be > as secure as a small project managed ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 25 of 25

Thread: Dynamically Enable Xwindows?

  1. Re: Dynamically Enable Xwindows?

    Igor Sobrado wrote:
    > jKILLSPAM.schipper@math.uu.nl wrote:
    > I fully agree with you, Firefox is too large and not all programmers
    > working on that project are security conscious. It will never be
    > as secure as a small project managed by security conscious programmers.


    On the other hand, Firefox's time-to-patch is excellent. And when it
    does have bugs, at least they are in places where one might expect them.
    (And not, say, a media format that allows arbitrary code execution
    pretty much as a design feature, if I've understood the issue correctly.)

    >> Though some context helps here - since I've booted this machine 30
    >> minutes ago (it's a laptop), I've run rtin, dillo, ssh, svn, some random
    >> shell commands, and now mutt and vim. Of those, the latter is the only
    >> one I've ever had to upgrade due to security problems.

    >
    > Bugs can be found on places that are difficult to believe. I suppose
    > that the bug you patched is related with the permissions or owners of
    > files created using that editor. :-)


    The bug I patched had to do with modelines being able to specify
    external commands for actions such as diff, I believe.

    > I usually prefer staying at the software provided with the operating
    > system. vim has a lot of nice extensions to vi, indeed, there is some
    > people here, in the Department of Mathematics, using vim and it can be
    > certainly highly customized (e.g., for TeX), but I prefer staying at
    > something that is portable to any computer running Unix (i.e., plain vi).
    > If it means "software written by the BSD development teams" (either
    > FreeBSD, NetBSD or OpenBSD)... excellent! I usually trust on the
    > software maintained by these teams. In any case, I try to minimize
    > the amount of external software added to the system.


    Me too, but some additions are just too useful not to make. For
    instance, on a desktop-ish computer, I'll be quite annoyed without mutt,
    vim (for syntax highlighting), tin, ion (if using X - it's the favourite
    du jour), and a capable browser (w3m, dillo, and/or Firefox). Plus some
    readers for various formats (gv, xpdf, antiword, ...), and you've
    already added quite a bit of software.

    Add niceties like xplanet and aterm; some occasionally used programs,
    like gimp and nmap; some stuff to toy with, like php (for syntax
    checking, mostly), postgresql-client, and a couple of libraries; and you
    can imagine that I find a default environment a little too spartan.
    Though I can work in it, of course.

    Joachim

  2. Re: Dynamically Enable Xwindows?

    dfeustel@mindspring.com wrote:
    >
    > What kinds of mail standards violations are you referring to above?


    Well, I am thinking on two classes of violations:

    1. the well-known HTML email messages: email messages should be
    plain-text only, some users either send messages in HTML or as
    a mix of plain-text and HTML. Even worse, a lot of people send
    messages in Word format too. Certainly, reading these emails
    using mail(1) is a challenging task. With MH, we have a chance
    of filtering them to make the messages readable again... even
    if it is an ugly workaround that should not be required.

    2. violations in the MIME headers (e.g., some mail user agents
    expect a non-standard header when attaching PDF files to email,
    these files are managed transparently by mail user agents,
    but when attached using, we say, mhbuild, theses files are
    usually unrecoverable by some MUAs). This problem is not
    specific to mail/uuencode...

    I certainly use mail(1) when reading the system reports, however.
    I know that the BSDs send readable email when running the
    daily/weekly/monthly scripts, sadly people do not care when sending
    email to people that is using other operating systems.


  3. Re: Dynamically Enable Xwindows?

    jKILLSPAM.schipper@math.uu.nl wrote:
    >
    > On the other hand, Firefox's time-to-patch is excellent. And when it
    > does have bugs, at least they are in places where one might expect them.
    > (And not, say, a media format that allows arbitrary code execution
    > pretty much as a design feature, if I've understood the issue correctly.)


    D'oh! The active desktop again... ;-)

    Agreed, patched releases of Firefox are available as soon as a problem
    is discovered; and bugs affect the browser only as we would expect.
    Firefox can have bugs, but at least it has a good design that maintains
    these bugs under control.

    >> Bugs can be found on places that are difficult to believe. I suppose
    >> that the bug you patched is related with the permissions or owners of
    >> files created using that editor. :-)

    >
    > The bug I patched had to do with modelines being able to specify
    > external commands for actions such as diff, I believe.


    Indeed, a feature of vi(1), and vim(1), is the ability of the editor
    to call external filters. I use these features to format some parts
    of my documents. Certainly patching other files is something the
    editor should never try.

    >> I usually prefer staying at the software provided with the operating
    >> system. vim has a lot of nice extensions to vi, indeed, there is some
    >> people here, in the Department of Mathematics, using vim and it can be
    >> certainly highly customized (e.g., for TeX), but I prefer staying at
    >> something that is portable to any computer running Unix (i.e., plain vi).
    >> If it means "software written by the BSD development teams" (either
    >> FreeBSD, NetBSD or OpenBSD)... excellent! I usually trust on the
    >> software maintained by these teams. In any case, I try to minimize
    >> the amount of external software added to the system.

    >
    > Me too, but some additions are just too useful not to make. For
    > instance, on a desktop-ish computer, I'll be quite annoyed without mutt,
    > vim (for syntax highlighting), tin, ion (if using X - it's the favourite
    > du jour), and a capable browser (w3m, dillo, and/or Firefox). Plus some
    > readers for various formats (gv, xpdf, antiword, ...), and you've
    > already added quite a bit of software.
    >
    > Add niceties like xplanet and aterm; some occasionally used programs,
    > like gimp and nmap; some stuff to toy with, like php (for syntax
    > checking, mostly), postgresql-client, and a couple of libraries; and you
    > can imagine that I find a default environment a little too spartan.
    > Though I can work in it, of course.


    :-)

    Well, an operating system is a platform to run the software we need!

    I agree with you, for me a good TeX distribution, a browser, OpenMOTIF,
    and nmh are required components for a workstation. tin is my favourite
    mail reader too, I never get accustomed to other mail readers... MetaPost,
    for mathematical figures, and xfig are valuable tools too... and for
    network simulations, ns.

    Cheers,
    Igor.

  4. Re: Dynamically Enable Xwindows?

    Igor Sobrado wrote:
    > jKILLSPAM.schipper@math.uu.nl wrote:
    >>
    >> On the other hand, Firefox's time-to-patch is excellent. And when it
    >> does have bugs, at least they are in places where one might expect them.
    >> (And not, say, a media format that allows arbitrary code execution
    >> pretty much as a design feature, if I've understood the issue correctly.)

    >
    > D'oh! The active desktop again... ;-)


    Actually, I was referring to http://secunia.com/advisories/18255/ - how
    someone can think that putting callbacks in a media format is a good
    idea, is beyond me.

    >>> I usually prefer staying at the software provided with the operating
    >>> system. I usually trust on the software maintained by [the *BSD]
    >>> teams. In any case, I try to minimize the amount of external
    >>> software added to the system.

    >>
    >> Me too, but some additions are just too useful not to make. For
    >> instance, on a desktop-ish computer, I'll be quite annoyed without mutt,
    >> vim (for syntax highlighting), tin, ion (if using X - it's the favourite
    >> du jour), and a capable browser (w3m, dillo, and/or Firefox). Plus some
    >> readers for various formats (gv, xpdf, antiword, ...), and you've
    >> already added quite a bit of software.
    >>
    >> Add niceties like xplanet and aterm; some occasionally used programs,
    >> like gimp and nmap; some stuff to toy with, like php (for syntax
    >> checking, mostly), postgresql-client, and a couple of libraries; and you
    >> can imagine that I find a default environment a little too spartan.
    >> Though I can work in it, of course.

    >
    > :-)
    >
    > Well, an operating system is a platform to run the software we need!
    >
    > I agree with you, for me a good TeX distribution, a browser, OpenMOTIF,
    > and nmh are required components for a workstation. tin is my favourite
    > mail reader too, I never get accustomed to other mail readers... MetaPost,
    > for mathematical figures, and xfig are valuable tools too... and for
    > network simulations, ns.


    I don't actually mind running SSH into the faculty systems for LaTeX, so
    it's not critical to me.

    As to mathematics, I should probably invest some time in something like
    PARI...

    Joachim

  5. Re: Dynamically Enable Xwindows?

    jKILLSPAM.schipper@math.uu.nl wrote:
    > Actually, I was referring to http://secunia.com/advisories/18255/ - how
    > someone can think that putting callbacks in a media format is a good
    > idea, is beyond me.


    one might also wonder why putting a command that can drop to a shell in
    a mail server is a good idea. things were different long ago.


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2