Programming | What programming language should I start with?



Was this helpful on your programming language selection?
Poll ended at 12 Jun 2014, 7:40 pm
Yes 33% [ 1 ]
No 67% [ 2 ]
Total votes : 3

Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

24 Mar 2014, 9:52 am

sliqua-jcooter wrote:
The valuable part of a computer is the data that lives on it, not the hardware.


Too bad the root user in Linux has access to that as well. Most viruses aimed at private workstations are just to annoy; and accessing the hardware would be a typical way to do so. The root user also has access to all files stored in the user-space, and can set both ownership and permissions.

Furthermore, since Linux doesn't care about file extensions, you can put malicious code in anything.

Quote:
The user doesn't care if a virus trashes their OS install, but they absolutely do care if their data is irretrievably gone. Your argument that an application can only do harm if it has access to the hardware is completely invalid.

Linux has had mechanisms to defend this type of access for a lot longer than Windows has had UAC - and it works better. I could give you the root password on my system, let you login - and you wouldn't be able to execute any binaries or look at any files.


If I get your password, I can just use chown and chmod and access these binaries anyway (or I could program something with the help of GCC/G++ which would do it for me). Most NT based Windows versions have had UAC.

Quote:
You mean NTLMv2 in the SAM? Or perhaps you're referring to the AES-256 hash used in the Active Directory LDAP directory. Give me a break.


NTLM is no longer used (because when someone actually does manage to reverse engineer a security system by Microsoft, it's either phased out or heavily modified). The security holes in SAM were filled after Windows 2000. For comparison, if I want your root password, I just need to decrypt what's inside etc/shadow. AES is developed by professional cryptographers and is a government approved standard.

You don't seriously believe that the billions Microsoft and Apple have spent on security are just for lulz?

Quote:
That's exactly the problem. Because only Microsoft can do security audits of their code, no one has any idea whether there are holes in it or not.


That's what hackers are paid to do.

Quote:
And if someone does find and disclose a vulnerability - everyone is left waiting for Microsoft to write and release a patch.


The security holes are typically fixed within hours, and the system will automatically download the update the next day.

Quote:
A security vulnerability disclosure for Linux almost always includes a patch - so someone wanting to patch a vulnerability on their system can pretty much do it immediately.

And then someone did, and a patch was released within hours. If any issue like that existed in Windows, no one would know until someone happened to trip over it.


After a series of buffer overflow attacks, that is.



Cornflake
Forum Moderator

Joined: 30 Oct 2010
Gender: Male
Posts: 46,969
Location: Over there

24 Mar 2014, 1:49 pm

Kurgan wrote:
Furthermore, since Linux doesn't care about file extensions, you can put malicious code in anything.

:lmao: Ah, the gift that just keeps on giving...

There's so much more and I'd normally suggest someone stops digging - but in your case:
[img][200:200]http://kovaya.com/img/shovel.jpg[/img]


_________________
Giraffe: a ruminant with a view.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

24 Mar 2014, 2:47 pm

What's funny is that Linux fanboys actually resort to ridicule rather than to counter any arguments. I've yet to see a fanboy give me one good reason to switch to a desktop version of Linux. Malicious code has been injected in both picture files and PDFs in Linux.



Cornflake
Forum Moderator

Joined: 30 Oct 2010
Gender: Male
Posts: 46,969
Location: Over there

24 Mar 2014, 7:01 pm

What's funny is the assertion that OS security is related to a filename.


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 32
Gender: Male
Posts: 1,537
Location: Burke, Virginia, USA

24 Mar 2014, 7:36 pm

Kurgan wrote:
If I get your password, I can just use chown and chmod and access these binaries anyway (or I could program something with the help of GCC/G++ which would do it for me). Most NT based Windows versions have had UAC.


No, you can't.

Quote:
NTLM is no longer used (because when someone actually does manage to reverse engineer a security system by Microsoft, it's either phased out or heavily modified). The security holes in SAM were filled after Windows 2000. For comparison, if I want your root password, I just need to decrypt what's inside etc/shadow. AES is developed by professional cryptographers and is a government approved standard.


NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

24 Mar 2014, 8:54 pm

sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.

Quote:

NTLM is both a hashing algorithm and an authentication mechanism. NTLM as used in authentication was phased out in favor of Kerberos for AD systems (developed at MIT for, you guessed it, unix systems) but the hash stored in SAM is still NTLM. And the NTLM hash is conveniently also used as the Kerberos encryption key. Pass-the-hash attacks are *still* possible with Windows.

You don't want to go toe-to-toe with me on AAA systems - it's a big part of my area of expertise.


Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony does a lot to prevent intruders, though. NTLM is deprecated, and isn't used in any Server version of Windows anymore.



Last edited by Kurgan on 24 Mar 2014, 9:00 pm, edited 2 times in total.

Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

24 Mar 2014, 8:58 pm

Cornflake wrote:
What's funny is the assertion that OS security is related to a filename.


I didn't say that it was directly related to a filename. Since you trick someone into installing a virus on Linux the same way as you do in Windows, you can put malignant code in PDF files and images, though, and not just .EXE files and archives. For this to be possible on Windows, you need to find a security hole or an exploit in the application that will load the file.



Cornflake
Forum Moderator

Joined: 30 Oct 2010
Gender: Male
Posts: 46,969
Location: Over there

25 Mar 2014, 8:05 am

Well, have fun telling yourself that and playing with FUD and generalities.
"since Linux doesn't care about file extensions, you can put malicious code in anything"


_________________
Giraffe: a ruminant with a view.


sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 32
Gender: Male
Posts: 1,537
Location: Burke, Virginia, USA

25 Mar 2014, 3:08 pm

Kurgan wrote:
sliqua-jcooter wrote:
No, you can't.


If you use an open source distro which you haven't modified, then I can. If you have modified it, then of course it's a whole different matter.


Ever heard of SELinux? Obviously not...

Quote:
Attacks are possible on any system, regardless of how secure it is; if enough intruders want to break into something, at least one will succeed. The fact that reverse engineering the security systems on Windows and publishing your findings is a felony does a lot to prevent intruders, though. NTLM is deprecated, and isn't used in any Server version of Windows anymore.


Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

25 Mar 2014, 4:59 pm

sliqua-jcooter wrote:
Ever heard of SELinux? Obviously not...


Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separately, and thus, isn't present in most Linux desktops. Moreover, Operation Windigo has proven that SELinux can also be attacked.

Saying that Linux is safe because you CAN install SELinux, is like saying that any car is burstproof because you can buy an immobilizer for it.

Quote:
Rather than point out all the things that are wrong in those statements, it's going to be faster and easier for me to point out what's right. The first part of the first sentence is true. The rest is complete hogwash.


Apparently, you're not familiar with the laws that prohibit the disassembly of copyrighted, proprietary software. As far as NTLM goes: http://msdn.microsoft.com/en-us/library/cc236715.aspx.



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 32
Gender: Male
Posts: 1,537
Location: Burke, Virginia, USA

25 Mar 2014, 6:22 pm

Kurgan wrote:
Most people (the vast majority of computer users, who have no use whatsoever for a system where they can add modules or alter the kernel themselves) have no idea how to configure it. It also needs to be installed separately, and thus, isn't present in most Linux desktops.


Wrong *again*. Not only does every major Linux distribution include SELinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.

But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my Linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.

Quote:
Apparently, you're not familiar with the laws that prohibit the disassembly of copyrighted, proprietary software.


I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.

Quote:


Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stored in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.
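
Added example, not written by any poster in this thread: the NT hash that the post above says is still stored in the account database is MD4 over the UTF-16LE password with no salt, so equal passwords always give equal hashes, and a defender can audit a hash export for blank or shared passwords. The account names and passwords are constructed sample data, and `audit` is a hypothetical helper.

```python
import struct
from collections import defaultdict

MASK = 0xFFFFFFFF

def _rotl(v, s):
    return ((v << s) | (v >> (32 - s))) & MASK

def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 in pure Python (hashlib may lack md4 on newer OpenSSL)."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1
            f = (b & c) | (~b & d)
            a, b, c, d = d, _rotl((a + f + x[i]) & MASK, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            g = (b & c) | (b & d) | (c & d)
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, _rotl((a + g + x[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            h = b ^ c ^ d
            a, b, c, d = d, _rotl((a + h + x[order3[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4]), b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE password, with no salt and no iteration."""
    return md4(password.encode("utf-16-le")).hex()

BLANK = nt_hash("")  # hash of an empty password

def audit(accounts: dict) -> dict:
    """Defensive check over {account: nt_hash_hex}: blank and shared passwords."""
    groups = defaultdict(list)
    for name, h in accounts.items():
        groups[h.lower()].append(name)
    return {
        "blank": sorted(groups.get(BLANK, [])),
        "shared": sorted(sorted(g) for h, g in groups.items() if len(g) > 1 and h != BLANK),
    }

# Constructed sample data (not from the thread): hypothetical accounts and passwords.
SAMPLE = {
    "alice": nt_hash("password"),
    "bob": nt_hash("password"),
    "svc_backup": nt_hash(""),
    "carol": nt_hash("correct horse battery staple"),
}
```

Calling `audit(SAMPLE)` reports `svc_backup` as blank and `alice`/`bob` as sharing a password, without ever recovering a plaintext.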


MrOddBall
Velociraptor

Joined: 3 Feb 2014
Age: 120
Gender: Male
Posts: 426
Location: Here, there, and everywhere

25 Mar 2014, 7:54 pm

Kurgan wrote:

I'd recommend C# in favour of Java (with Xamarin, whatever you write in C# will also run well on Android and iOS). When it comes to C, I find that C++ is superior; having classes and objects really makes development easier. :)

For an excellent demonstration of what JavaScript can do, check out some of the WebGL tech demos. I really like this one.


Don't forget the other options like Python and Ruby, which are easier to start off with because C or C++ might be a bit intimidating for a beginner, but Java is okay I suppose ...

The OP should check out Pygame if he has the chance :D It's Python for creating games with everything you need, plus documentation on writing games :)



polarity
Veteran

Joined: 15 Feb 2006
Age: 41
Gender: Male
Posts: 507
Location: PEBKAC

26 Mar 2014, 4:02 am

sliqua-jcooter wrote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


The law is also affected by this little thing called jurisdiction. There are plenty of people who aren't remotely concerned about it being a felony to disassemble Windows, because they don't live in the U.S.


_________________
You aren't thinking or really existing unless you're willing to risk even your own sanity in the judgment of your existence.


Kurgan
Veteran

Joined: 6 Apr 2012
Age: 31
Gender: Male
Posts: 4,379
Location: Scandinavia

26 Mar 2014, 3:06 pm

sliqua-jcooter wrote:
Wrong *again*. Not only does every major Linux distribution include SELinux, RHEL/CentOS/Fedora turn it on *by default* with a permissive configuration, and locking it down is as simple as installing a different configuration that the distributions also provide.


Fedora, CentOS and RHEL, I have no experience with. Nevertheless, they all have less than 10% of the Linux desktop share combined. It wasn't present in either Ubuntu or Slackware back when I was using it--and thus, simply knowing the root password gave me full power of a computer. Because of this, making malware was basically a DIY activity.

Quote:
But you conveniently also changed the parameters of the initial inquiry. I told you that I could give you the root credentials for my Linux box, and you wouldn't be able to execute any commands or access any file. Then you started going off at the mouth about how you could. Rule number 1: You never open your mouth 'till you know what the shot is.


Technically, with your root password, I could disable SELinux, but I don't think it's easy to make a virus or a worm that does it for you. My initial inquiry was that anyone with the root password could do pretty much anything inside Linux; implementing a keylogger is no big deal if you pass it on as a workaround for SecuROM, a codec, an experimental driver, and so on (something you'd also have to do in Windows)--and you can also get the password by decrypting etc/shadow.

Quote:
I am *intimately* familiar with copyright law. The thing about copyright is that it contains a little something called "fair use". I suggest you look it up. The gist of it is this: reverse engineering something is not the illegal part - the illegal part is making money off it.


Fair use grants you the right to disassemble it for educational purposes, not to use it yourself in open-source code, publish it on the internet, pass it on to a large group of people, sell it, etc.

Quote:
Like I already tried to explain to you once, NTLM is not just an authentication protocol. It is *also* a hash. So, while the NTLM protocol is no longer used for authentication, the hashes that are stored in the account database on your computer are NTLM. The thing is, I know a little something about security systems. I know what I'm talking about, and I'm not desperately trying to google stuff to back up the blubber coming out of my mouth. This link (http://www.microsoft.com/security/sir/s ... ord_hashes) contains a nice table of the hash mechanisms in use by all Windows systems. I suggest you choke on it.


I'm not googling stuff to back up my claims. If you know the basics of C/C++, making malware is a DIY activity. A virus is put in place the exact same way in Linux as in Windows (i.e. the admin makes a careless mistake). The problem with Linux is what a virus could potentially do; in Windows, it's limited to terminating user-space processes without my consent or encrypting files that have copies on GitHub.

The link you posted just explained how the hashes worked; it didn't show any C/C++ code on how they were implemented.



MrOddBall
Velociraptor

Joined: 3 Feb 2014
Age: 120
Gender: Male
Posts: 426
Location: Here, there, and everywhere

27 Mar 2014, 12:01 pm

*Grabs a bag of popcorn* This is entertaining :D