

Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow
reply to Thinkdiff

Re: screen shots and reviews

said by Thinkdiff:

I need to do more on my routers than the original firmware allows

That sounds like a good reason. Who am I to judge?

So why do you trust...
said by Thinkdiff:

an open-source router firmware that can be modified by anyone (Tomato)?


--
Oh, I love the smell of fish. Guts, rotten, it's all good.


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

3 edits

1 recommendation

That's not my point.

If you don't trust Apple, why would you trust Hands Off or Tomato, especially Tomato? They are a lot more susceptible to government or hacker intrusion than a large, powerful corporation that lives/dies on consumer use of their products.

Edit: I don't see this going anywhere. Everything that needed to be said has been said, so I'll just say - of course, you're free to use whatever programs or OS's you want. Nobody is saying you shouldn't. We're (or at least I'm) just trying to point out the incredible hypocrisy of not trusting Apple while giving quite a lot of trust to independent and open source projects. We're also trying to prevent a lot of unnecessary headache and inconvenience involved with what amounts to technology "security theater", to borrow a term.

--
University of Southern California - Fight On!



Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow

said by Thinkdiff:

If you don't trust Apple, why would you trust Hands Off or Tomato, especially Tomato?

My opinion is that the use of one to control or mitigate the weaknesses of the other is a way, at least, to become aware of issues.

This is better than blind trust. I prefer, Trust but verify. That's my take.
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow
reply to Thinkdiff

said by Thinkdiff:

Little Snitch seems more popular than Hands Off. Never heard of it.

I read a head-to-head review/comparison of these.

You're right. Little Snitch is better known.
These are quite similar, so the point is if anyone knows about the other less known, please?

Hopefully, someone will post on their experience, good or bad.
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow
reply to Thinkdiff

said by Thinkdiff:

We're also trying to prevent a lot of unnecessary headache and inconvenience involved with what amounts to technology "security theater", to borrow a term.

Well thank you for your concern.

This is stressful, you are quite right, to be called names and experience criticism for asking mac-related questions.

All this hostility and conflict makes me wonder if this is a good place to get help and has hurt my feelings.

Your compassion is indeed appreciated. Thank you!
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1

1 recommendation

reply to Ugly

said by Ugly:

• How is Tomato better please?
Better than the Linksys "stateful packet inspection" feature even?

I prefer Tomato over the normal Linksys firmware because of the additional controls and bandwidth maps it offered. Tomato doesn't offer any more security features. I only mentioned Tomato because that's the closest I've come to using custom firmware on commercial hardware (outside of hobby projects).

At the end of the day, if you don't trust Apple (or Microsoft) then you shouldn't use their product at all. But if you want to independently verify that you can trust Apple (or Microsoft), then you need to independently verify the network traffic that goes in and out of the computer using a physically separate device. If you don't trust OS X (or Windows), then you sure as hell can't trust any software you install on top of OS X (or Windows). You need a separate device that you can use to inspect the network traffic, and a router with a security focused firmware would do the trick. I don't know of any off the top of my head. Tomato is a custom firmware that offers more user features, there's nothing it adds security wise.
--
less talk, more music


Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow
reply to Thinkdiff

Re: screen shots and reviews

said by Thinkdiff:

why would you trust Hands Off or Tomato, especially Tomato? They are a lot more susceptible to government or hacker intrusion than a large, powerful corporation that lives/dies on consumer use of their products.

Perhaps a fair question. So I will try to answer politely, which is only my opinion.

Based on this, www.wired.com/2014/04/nsa-heartbleed/ from Wired and many other sources, the very fact that so many people (as you write correctly) are connected to a particular corporation by use of one product, is PRECISELY why these users are considered as a high-value and priority target by nasty and nefarious folks one wishes to deter. So yes, I agree with you.

But we differ in that I do not suspect or accuse Apple of wilfully or knowingly helping hackers. Or maybe we agree on this too? ~ However, it is obvious that their large userbase presents an inviting, juicy target of great opportunity for criminals, both in and out of government.

So I feel there is a clear tradeoff with mac, of some (granted, perhaps less than Windows) security risk for better user experience, features, and so forth.
said by Thinkdiff:

incredible hypocrisy of not trusting Apple while giving quite a lot of trust to independent and open source projects.

I disagree completely! One does not replace trust in one with the other. These two (OS-X and, say Tomato, as example) work together, in a dynamic balance. One checks the other.

I give credit to Ctrl Alt Del for this, who says it way better than I can, and hopefully resolves the matter in a friendly way:
said by Ctrl Alt Del:

But if you want to independently verify that you can trust Apple (or Microsoft), then you need to independently verify the network traffic that goes in and out of the computer using a physically separate device. If you don't trust OS X (or Windows), then you sure as hell can't trust any software you install on top of OS X (or Windows). You need a separate device that you can use to inspect the network traffic, and a router with a security focused firmware would do the trick.

Thank you Ctrl Alt Del! That's it, exactly.

Moreover, I know that some software firewalls (from my Windowz experience at least) verify hash or checksum of individual components of all software installed on the puter and even the operating system! ~ You see, one well known way that hackers (like NSA, #%^k them!) get you is by altering or replacing a common software or part of the OS with a customized file replacement. A rigorous hash/checksum verification helps to prevent this.

I believe (again from Windowz experience) that the ESET firewall product does this very well. And when a file is updated, even in the OS, then I recall how I was asked to reapprove it.
Of course, there is the ordinary rules-based network communication management too, which is the bread and butter purpose of/for a firewall. That works for me!
Nowhere near "babysitting," for each and every communication in or out -- yet far, far better than trust based in fanatical, extremist faith.

It remains to be seen if Little Snitch and Hands Off! offer this functionality. We'll see. One hopes this has cleared up debated issues, to allow closer focus on stopping the bad guys. Cheers, Ugly
--
Oh, I love the smell of fish. Guts, rotten, it's all good.
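
The hash-and-reapprove behaviour described in the post above, sketched as an added example (it is not from the thread or from any firewall product named in it). The function names and the two stand-in program files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def approve(paths):
    """Record the current digest of each approved program (the baseline)."""
    return {p: sha256_file(p) for p in paths}

def check(baseline, requesting_path):
    """Decide what to do when a program asks for network access.

    'allow'     - file matches its approved digest
    'reapprove' - approved before, but the contents have changed
    'prompt'    - never approved
    'missing'   - file no longer exists
    """
    if not os.path.exists(requesting_path):
        return "missing"
    if requesting_path not in baseline:
        return "prompt"
    if sha256_file(requesting_path) == baseline[requesting_path]:
        return "allow"
    return "reapprove"

def demo():
    """Constructed sample: two stand-in 'programs' in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        mail = os.path.join(d, "mailclient")
        updater = os.path.join(d, "updater")
        for path, body in ((mail, b"mail v1"), (updater, b"updater v1")):
            with open(path, "wb") as f:
                f.write(body)
        baseline = approve([mail])
        results = [check(baseline, mail), check(baseline, updater)]
        with open(mail, "wb") as f:        # an update or a tampered replacement
            f.write(b"mail v2")
        results.append(check(baseline, mail))
        baseline.update(approve([mail]))   # user re-approves the new version
        results.append(check(baseline, mail))
        return results

if __name__ == "__main__":
    print(demo())
```

A digest mismatch cannot distinguish a legitimate update from a replaced file, which is why the decision goes back to the user. The baseline is only as trustworthy as the place it is stored, which is the same point Ctrl Alt Del makes about checking from a separate device.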


onebadmofo
gat gnitsoP
Premium
join:2002-03-30
Reading, PA
kudos:1
reply to Ugly

So is this topic no longer about email? ...just wondering because, that was the original question.



dennismurphy
Put me on hold? I'll put YOU on hold
Premium
join:2002-11-19
Parsippany, NJ
kudos:3
Reviews:
·Verizon FiOS

1 recommendation

reply to Ugly

said by Ugly:


Moreover, I know that some software firewalls (from my Windowz experience at least) verify hash or checksum of individual components of all software installed on the puter and even the operating system! ~ You see, one well known way that hackers (like NSA, #%^k them!) get you is by altering or replacing a common software or part of the OS with a customized file replacement. A rigorous hash/checksum verification helps to prevent this.

You mean, like Mac OS X's built in code signing (which includes the OS itself?)

This is stuff the Mac does by default. Not an add-on, not some third party tool, but built in at the lowest level. Heck, even the OS kernel is signed.


Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow

said by dennismurphy:

You mean, like Mac OS X's built in code signing (which includes the OS itself?)

Wow! ~ That's an awesome thing to learn.
Thank you Dennis!

I had recently asked the developer of some firewalls about this and have yet to hear from them.

Of course, a solution that relies on just one manufacturer is still open to suspicion, as already discussed.
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


dennismurphy
Put me on hold? I'll put YOU on hold
Premium
join:2002-11-19
Parsippany, NJ
kudos:3
Reviews:
·Verizon FiOS

Unless you have a chip fab plant in your basement, you have to trust SOMEONE. I've thrown my trust in with Apple. There are worse choices.

Life is about compromise; Apple's ecosystem fits my work stream and requirements best. There is no 'one size fits all'.

If you're really concerned about privacy, go buy an Itanium or AlphaServer and load OpenVMS. Or, better yet, HP (Tandem) NonStop.



Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow

said by dennismurphy:

If you're really concerned about privacy,

Goodness. These days, who isn't?

I'm just a patriotic American, proud to help our government better obey the Law and Constitution, simply by making it as difficult and wasteful of resources as possible, if and when this is done without the required probable cause and warrant. Clearly they need help in this. Hence, I often include silly joke words in posts, like president nuclear attack jihad bomb, and so on. F^(# the NSA!

My goal is to do this with consumer level and ordinary products arranged in the way to maximize my own safety from other more common yet similarly criminal hackers interested in ordinary economic crimes like identity theft, account spoofing, phishing, etcetera.

When you think about it, criminality under color of law is the more heinous crime, as this is an abuse of the Public Trust and violates an Oath to Uphold the Constitution. At least the economic criminals are true to their own ethics. Why has no one gone to jail over this yet?

My contempt for such violations of Law as Posse Comitatus, as witnessed over the past few days in Nevada, a la Reid and BLM versus Bundy and The People is incandescent, but perhaps off topic. Ditto for NSA, just not as obvious right now.

Thanks for a great suggestion Dennis!
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow
reply to dennismurphy

said by dennismurphy:

You mean, like Mac OS X's built in code signing (which includes the OS itself?)

This is stuff the Mac does by default. Not an add-on, not some third party tool, but built in at the lowest level. Heck, even the OS kernel is signed.

said by Ugly:

It remains to be seen if Little Snitch and Hands Off! offer this functionality.

A response with a direct answer to the question was just received and - tada! - this shows that Dennis is right, again.
Bravo and thanks Dennis! You rock!

said by Ugly:
Another polite question about Hands Off:
Does the HO! firewall sw monitor installed programs and give an alert if/upon the change in a checksum or hash of a monitored component?
If 'yes,' does this function also apply to components of OS-X operating system that send/receive network communications, please?

Thank you!
said by HandsOffSupport:
No it doesn't.
--
Oh, I love the smell of fish. Guts, rotten, it's all good.


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to Ugly

just remember: there is a fine line between concern for privacy and paranoia. where this line exists is an exercise for the reader. however -- in order for constructive and on-topic responses, the reader must consider the lines of those he is asking. otherwise -- this devolves into a tinfoil hat wearing contest.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."



Ugly
Fishy Cool Bird

join:2001-12-12
The Meadow

Agree. Thanks for your kindness to this n00b.
As this IS the Apple forum, perhaps I'll grow to share the enthusiasm.

Please note that questions are a specified request for individualized learning and not, so far as I know, any sort of criticism, even by implication.

On the other hand, if one had seen me as a fledgling, perhaps one would have glimpsed me with a funny hat too.
--
Oh, I love the smell of fish. Guts, rotten, it's all good.