So, my idea is to have the operating system keep some sort of record of processes that are allowed to run with root privileges, and have software, upon installation, register with the operating system any such processes it needs.
To explain my point, let’s make the following assumptions:
The operating system has a reliable way of identifying processes that are about to be spawned.
The operating system keeps an encrypted record of processes that are allowed to run with root privileges.
It requires authentication by a user with root privileges to install software that can obtain root privileges.
Software must register any processes it needs root privileges for with the operating system upon installation.
The operating system bluntly disallows any processes it doesn’t know about to run with root privileges.
No (known) privilege-escalating exploits are present.
If those conditions are met, it seems to me that it would be nearly impossible for any malware to surreptitiously obtain root privileges, and thus do damage to the system. It could still erase, steal and/or otherwise abuse the user’s data, but that’s a problem that falls outside the scope of process privileges.
Again, I’m probably missing something here, otherwise operating systems would likely be doing all this stuff already. But if that is the case, I would be curious to know why then it’s not feasible. So if you have any comments on the matter, please don’t hesitate to leave them!
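The scheme assumed in the root-privileges post above, modelled as an added example that is not part of the original post. Identifying a process by the SHA-256 of its executable image and protecting the record with an HMAC (tamper detection, in place of the encryption the post mentions) are assumptions, as are all class and function names.

```python
import hashlib, hmac, json

class RootRegistry:
    """Hypothetical model of the OS-kept record of root-capable processes."""
    def __init__(self, key: bytes):
        self._key = key          # stands in for a secret only the OS can read
        self._entries = {}       # sha256(image) hex digest -> label
        self._tag = self._mac()

    def _mac(self) -> bytes:
        blob = json.dumps(self._entries, sort_keys=True).encode()
        return hmac.new(self._key, blob, hashlib.sha256).digest()

    def _verify(self) -> None:
        if not hmac.compare_digest(self._tag, self._mac()):
            raise RuntimeError("record was modified outside register()")

    def register(self, image: bytes, label: str, installer_is_root: bool) -> bool:
        """Install-time registration; refused without root authentication."""
        if not installer_is_root:
            return False
        self._verify()
        self._entries[hashlib.sha256(image).hexdigest()] = label
        self._tag = self._mac()
        return True

    def may_run_as_root(self, image: bytes) -> bool:
        """Spawn-time check: images the OS does not know never get root."""
        self._verify()
        return hashlib.sha256(image).hexdigest() in self._entries

def demo() -> dict:
    reg = RootRegistry(key=b"constructed-demo-key")
    backup = b"\x7fELF backup-daemon v1"       # constructed sample images
    malware = b"\x7fELF dropper"
    patched = backup + b" +injected code"      # registered binary, modified
    out = {
        "install_as_user": reg.register(malware, "dropper", False),
        "install_as_root": reg.register(backup, "backup-daemon", True),
        "run_registered": reg.may_run_as_root(backup),
        "run_unknown": reg.may_run_as_root(malware),
        "run_patched": reg.may_run_as_root(patched),
    }
    # Writing to the record directly, bypassing register(), must be noticed.
    reg._entries[hashlib.sha256(malware).hexdigest()] = "dropper"
    try:
        reg.may_run_as_root(malware)
        out["tamper_detected"] = False
    except RuntimeError:
        out["tamper_detected"] = True
    return out
```

The model only covers what a process image is at spawn time; code that a registered process loads or is tricked into running afterwards falls under the post's "no privilege-escalating exploits" assumption.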
This post is in Dutch, as it mostly concerns current events in The Netherlands.
All too often these days, it is suggested that censorship be used in the fight against things like child pornography, terrorism, or other serious crime. This often cleverly plays on a relevant (preferably shocking) current event. People are then sensitive to the issue, and measures that are seemingly intended to prevent such an event in the future are swallowed whole.
Another popular tactic is to announce controversial measures, run into a lot of resistance, and then implement the measures in a watered-down form. Do that a few times, and the idea should be clear. This is known in English as the “boiling frog” phenomenon: throw a frog into boiling water and it jumps right out. Put a frog in cold water and heat it slowly, and you boil the frog to death.
Such measures usually come down to filtering the internet traffic of all citizens. At that point all my alarm bells start ringing, whatever reason is given for it. Censorship cannot be the solution. And I am regularly expected to explain why I am against measures that are clearly aimed at serious crimes. Because I no longer feel like telling the same story over and over again, I’m doing it this way, so that from now on I can refer to this.
I’ve been using the nickname raptor, or when that wasn’t available, raptorNL for years now, but I just decided I’m getting too old for that nonsense. I already have a name that I’ve had since birth and which serves me fine, so I figured why would I need another? It’s not like a nickname offers any anonymity, there are other ways to accomplish that if so desired. It’s also not a given nickname, I just made it up myself, so I won’t be offending anyone by not using it anymore.
My first name is not that uncommon, so it’s already used by countless others. My last name is pretty uncommon, but I do have family I share it with. I already claimed helvensteijn.com, and I’m not about to go claiming our family name everywhere on the web.
That leaves me with just plain Colin Helvensteijn, but since many web sites and services don’t accept spaces in usernames, it’ll be ColinHelvensteijn then, because I hate underscores. As far as I know my first and last name pretty much uniquely identify me, so chances are no-one else will be using it. I’ve been using it on and off as a wikiname here and there (at Wikipedia for instance), so I already have precedent.
So, I’ll be changing my raptor/raptorNL nicknames everywhere to ColinHelvensteijn in the following days or weeks or so, at least if the site or service allows it. I could always re-register otherwise. I’m starting with Twitter right now.
Update: Twitter fail. Name is exactly 2 characters too long. Any suggestions?
Update, March 29th: Twitter isn’t the only one who thinks 17 characters is too long. So, chelvensteijn it is then. If a site thinks 13 characters is still too much, I don’t even want to be registered there.
I just launched a new code section. I always had something like that in the form of some separate pages, but now I integrated it into WordPress, so it looks and behaves the same as the rest of this site.
I’ll have to see if I think any of the old projects are still interesting enough to bring them back to this new section, I haven’t decided yet. I did kick off with two articles, the first explains how I managed to get WordPress to save and display code properly, the other describes one of many inconsistencies in PHP, one I didn’t know about until yesterday.
With these custom post types, WordPress is getting quite powerful as a general purpose CMS, provided you know some PHP to bend it to your will. Only the menu system isn’t quite there yet. The “Code” menu item is not in its active state (chevron on the left side) on article pages in the code section as it should be.
So, Google wants to be open and is going to drop support for H.264 video from Chrome in favor of WebM somewhere in the not too distant future. That’s interesting, I’m waiting for their announcement to drop support for Flash, too. Seriously, who made this decision? What in the world were they thinking? H.264 may have some patent licensing issues, but it is certainly more open than Flash.
So what are web developers supposed to do now? H.264 has become a de-facto standard on the web. A web developer can today offer a video in H.264 using the HTML5 <video> tag, and use Flash to play the same file as a fallback. Nearly every PC supports one or both. Nearly every mobile device sold today will happily decode H.264 in its video chip. Mobile devices that can decode WebM in hardware are scarce, to say the least.
Does Google really want web developers to abandon a de-facto standard for something of less quality that isn’t nearly as widely supported? And with which a patent troll might still have fun someday? Or do they now have to serve two files for the same video, just to cater to Google’s whims? Microsoft’s Tim Sneath hits the nail on the head, if you ask me. One could opt to just offer the H.264 video and have Flash handle it in Chrome. But what if Google does drop support for Flash next year or so? Then what?
And what about users? Chrome’s already got quite a market share. If H.264 is no longer natively supported, Flash is the user’s only option on many sites. YouTube isn’t the only video provider out there. Most, if not all, serve H.264. Google could convert YouTube to WebM, but not all those others. And what if Google does drop support for Flash next year or so? Then what?
To me, this comes off as kind of lame. It seems like Google wants to push its WebM at the expense of its users, and throws the specifics in the hands of web developers so they can mop up the mess. Don’t be evil, anyone? And how about pragmatism? Openness isn’t everything, you know.
When I started using Twitter about a year ago, I soon realized that if I wanted to tweet about a new blog post on my site, I was going to need a URL shortener. Back then, I chose to use bit.ly’s services, and until recently, saw no reason to change that. Lately, however, it seems everyone is using his/her own domain for short URLs, so I jumped on the bandwagon, too.
A few days ago, I acquired the domain hlvn.st, and now I also have the database structure and some simple PHP scripts in place to make the whole thing do its magic. For the keywords (the part after the / in the short URL) I decided to use 4 case-insensitive alphanumeric characters. That gives me 36^4 (1,679,616) possibilities, minus a few ones that I blocked for obvious reasons. Seems enough for the time being. If I need more, I can always go up to 5 or even 6 characters, giving me 60,466,176 or 2,176,782,336 possibilities, respectively.
Now that I have my own working URL shortener, I removed all the existing bit.ly short URLs from my blog posts (they’ll continue to work so long as bit.ly exists, though) and replaced them with hlvn.st ones. I currently intend to only use hlvn.st for blog posts or other parts of my own web site, but in the future I may decide to use it for anything and everything I need short URLs for. An API is already in place, so WordPress can automatically shrink its permalinks for new posts (like this one).
On a (completely unrelated) side note, let’s cut the two-thousand-whatever-crap. It’s twenty-eleven (twintig-elf for the Dutch among you), which is much easier to pronounce.
Technically, I’m an agnostic, in that I can’t prove or disprove the existence of a deity. But then again, I can’t prove or disprove the existence of the Invisible Pink Unicorn either, so I tend to think of myself as an atheist.
I’ve been asked by some why I would celebrate Christmas as an atheist. Well, here’s why. Anyone who’s actually taken the time to examine the history of Christmas, knows that originally, it had nothing to do at all with Christianity.
Originally, it was just pagan tribes celebrating the winter solstice, among other things. Christianity later took it as their own, linking it (wrongly) with the birth of Jesus of Nazareth. I imagine it was done because those pagans wouldn’t have converted to Christianity if their feasts had been forbidden.
Besides, Christmas has become a tradition in the Western world. It’s just one of the many holidays in winter time to make those short and dark days more endurable. I’d also qualify it more as a commercial holiday, rather than a religious one. Heck, which holiday isn’t nowadays?
So that’s why atheists can celebrate Christmas, too. It’s not a Christian holiday, it’s simply tradition. And on that note, I wish everyone, regardless of religion, a Merry Christmas!
I routinely use the Mozilla Developer Center to look up information on the topic, and I hardly, if ever, need to look elsewhere. Their DOM section is also quite extensive.
Considering the shady quality of some documentation (especially tutorials) out there, this is not a bad idea. Therefore, I’ll put the badge up here, too. Not that the traffic this site generates is going to be of much help to the cause, but every little bit helps, right?
With the announcement of the previous redesign still on the front page, I’m presenting here Helvensteijn.com version 5. It’s not that I didn’t like the previous design, but it was a little busy. And since I was already thinking about drastically simplifying this whole site, I figured a simplistic design would go nice with it.
So what’s up with that simplification? It basically means that this site is now mainly a blog, as opposed to a bunch of pages with a blog somewhere in between. The main menu reflects this: it went from five items — three of which had submenus — to a flat menu with only three items (actually four, but one is visually pulled out of the menu and only appears when scrolling down). As for the blog itself: there are no more categories, only tags. I believe one kind of taxonomy is sufficient for a simple blog. Category archives still exist, but are indistinguishable from tag archives.
The pages that disappeared from the menu are, in fact, still there, but I just won’t link to them anymore. They are now just sitting there along with some other non-public pages. I’m not sure whether or not I’ll keep them online forever, but for now, nobody should see “404 Not Found” errors. If you do, please let me know!
Another thing I wanted to mention is that this layout is much lighter than any of the previous ones. No more than five images are used for the theme. I also got rid of jQuery. I like it, but I could easily accomplish all behavior — there really isn’t much of it anyway — without it. The most heavy parts are now the font used for the titles (still Museo) and the Shadowbox script (the thing that pops up images and stuff).
I made heavy use of CSS3 in this design. Rounded corners, transitions (currently supported in Safari, Chrome and Opera), opacity, web fonts, etc. I also made the switch from XHTML 1.0 to HTML 5. Makes the markup a bit more semantic, and also has lots of new form input types. There’s not much support for those yet, but iPhone and iPad present optimized keyboards for e-mail and URL input fields. And since I own both an iPhone and an iPad, I also added some optimizations for those (and other) mobile devices.
As usual, the best experience will be had with recent versions of Safari, Chrome, Opera or Firefox (in that order). IE 7 and IE 8 work, but everything isn’t as nice. IE 6 users are served with a basic stylesheet so everything is at least legible. I can’t say anything about IE 9 yet, but it should rival the other modern browsers.
To conclude with, here’s a screenshot of the previous design for comparison.
To compare with even older designs, those can be found here.
Update, Saturday, September 18, 2010
Got rid of Shadowbox as well. Made a simple implementation myself. It currently only works with images, and not at all in Internet Explorer (problems with positioning, have to look into that). But it is very small: barely more than a hundred lines of (non-minified) code.