HackerTrans
TopNewTrendsCommentsPastAskShowJobs

antimeme

no profile record

comments

antimeme
·hace 4 años·discuss
Not a LITTLE sarcastically, no.

No one has yet provided evidence that privileged ports create even a single security issue. While there's lots of huffing and puffing in the original article (including someone confusing privileged ports with IP based authentication, which is effectively dead), the closest it gets is to say that dropping privileges in a server is a pain. And then they go on to show off a one line configuration change that would disable privileged ports system wide. So do that if it makes sense for you.

What doesn't make sense would be to abandon decades of practice that real people (more than three in Finland, actually) rely upon because some people are too lazy to make a trivial change to their systems. And let's get real: 99.9% of people are never going to want to run a web server on their computers. You're just arguing that your portion of that 0.1% -- let's be a LITTLE sarcastic and call them five penguins in Antarctica! -- are more important than the rest.
antimeme
·hace 4 años·discuss
Did you... actually read the article this comment responded to? Or even the comment you're replying to? The original article proposed making all ports non-privileged because most systems serve a single user in practice. Are you really going to argue that changing the port to 8080 is insecure because someone could snipe it but making all ports non-privileged is better because... now someone can snipe 80 as well?
antimeme
·hace 4 años·discuss
Stop pretending that non-technical users want to run web servers. That's just not a thing. What you're actually arguing is that some technical users are so important that making them tweak a default setting is too much to ask, but others are so insignificant that pulling the rug out from under them after decades of practice is perfectly reasonable. I disagree.

Do you not grasp WHY Let's Encrypt requires port 80 (for one particular challenge type)? Think about that for just one second. Okay I'll spell it out for you: the convention that ports under 1024 are privileged gives Let's Encrypt some confidence that privileged ports runs services sanctioned by the system administrator and not some tenant -- which is exactly the point I was making. So thanks for providing more support for my argument, I guess?

And while we're at it, can we stop pretending you care about user experience? You can't even be bothered to type those two words! You cite no studies and make no technical arguments. All you're offering is the claim that the default you prefer "should be preferred" based on your intuition.

I probably shouldn't even dignify your claim that people think port numbers in URLs mean they're being attacked with a response, but I'll bite. Do you have even a shred of evidence for this claim or did you just make it up on the spot? Obviously the latter, but if even if it were true the solution would be to educate people about what port numbers mean. Unless you want to argue that any feature of any internet service some people are confused about should be abolished? I guess we'll have to shut the entire internet down.

Changing the port number is a perfectly reasonable solution for many use cases, but it's far from the only option. Alternatives include CAP_NET_BIND_SERVICE, net.ipv4.ip_unprivileged_port_start, port mapping in containers and many more. Pick your favorite and stop wasting everyone's time.
antimeme
·hace 4 años·discuss
This article is nonsense. Privileged ports are a security feature. They have literally nothing to do with mainframes. On multi-user systems, they're incredibly important because they give external clients confidence that the services provided on them are authorized by the system and not just by any user -- some of whom may not be as trustworthy as others. Most systems in this era of cheap hardware are single user, BUT NOT ALL SYSTEMS. It's fine for Windows and Mac OS to do without them and it's fine to configure your own Linux system to disable them if that's what you want, but it's completely insane to argue that they're a security flaw because some people work around them using insecure practices. There are plenty of secure ways to work around them, most obviously by USING A NON-PRIVILEGED PORT. Start your service on port 8080, for example, and give out a URL like http://example.com:8080/path. It's really that simple. Take the time to understand the actual purpose of a feature before urging others to abolish it.
antimeme
·hace 6 años·discuss
Hello. I read your email to Tim Cook with interest and I sympathize with the plight of your company. But I wish you would treat other platforms with more respect.

To be clear, I'm glad you enjoy Apple products and I'm not trying to talk you out of that -- as if that were possible. But I do want you to understand that my experience with them is different than yours. Apple products don't delight me. I've tried them. Every time an iOS device ends up in my hands (something that happens way too often, including earlier today) it's a frustrating experience. They feel cold, uncaring and limited. Android has moved in this direction, getting more polished but less delightful over the years, but it's still a better experience for me.

Again, I'm not saying your feelings about Apple products aren't valid. They certainly are. I'm glad you've shared them and I admire your efforts to support the iOS platform. I just wish you respected people like me who don't experience technology the same way you do. I'm glad that iOS and Android products both exist in the market. There are audiences for both -- and then some.

And as for the web, we will have to agree to disagree. Not only do I think it's not dead, I don't think it will ever be dead. That's not something I'd say about either iOS or Android. The web can't go out of business or get bought. Anything it's missing can be added. The first web browser didn't support images! On the other side, it wasn't too long ago that people thought Blackberry was here to stay.

Clearly there are many features iOS and Android offer that are difficult to match with the web. For now. Clearly the development tools are more convenient than those available for the web. But there is one feature of the web that other platforms will never be able to match: it belongs to all of us. No one has to take a 30% cut of your revenue. No one gets to decide what you can and cannot make available. In your letter to Tim Cook you make it clear that you made use of that advantage yourself, even if you don't seem grateful. Freedom always comes at a price and it's up to you to decide whether it's a price worth paying. If it's not then develop for the platform you prefer. But please remember that there are people like me who think differently.