Is Arch's future more secure than Gentoo's present???

Similar Messages

• Should I upgrade to Macericks now from 10.6.8 on my i-Mac(mid 2007, core 2 duo?). Will Mavericks be more secure than 10.6.8 ? 10.6.8 has been great, it runs great with all my apps but am concerned about future supportibility?

  Should I upgrade to Mavericks now from 10.6.8 (i-Mac, mid 2007, core 2 duo)? Will Mavericks be more secure than 10.6.8 ?  I have the latest version of 10.6.8 and have upgraded my memory to 4GB. This could be one reason for me to make the move now.
  10.6.8 has been great, it runs great with all my apps but am concerned about lack of support now. I know my PC apps will not work but maybe some apps that work now will "walk away" from 10.6.8 and then there's the security question of above.
  I am also concerned about iPhoto 9 transition to i-Photo 11 and compatibility of my Time Machine WD Passport HD (format: Mac OS Extended (Journaled) based on several questions in applicable forums.
  Thanks for your help in this important decision!

  If I were you I would stick with Snow Leopard. It's much better suited to your old hardware. That said:
  Upgrading from Snow Leopard to Lion or Mavericks
  To upgrade to Mavericks you must have Snow Leopard 10.6.8, Lion, or Mountain Lion installed. Purchase and download Mavericks (Free) from the App Store. Sign in using your Apple ID. The file is quite large, over 5 GBs, so allow some time to download. It would be preferable to use Ethernet because it is nearly four times faster than wireless.
       OS X Mavericks- System Requirements
         Macs that can be upgraded to OS X Mavericks
           1. iMac (Mid 2007 or newer) — Model Identifier 7,1 or later
           2. MacBook (Late 2008 Aluminum, or Early 2009 or newer) —
               Model Identifier 5,1 or later
           3. MacBook Pro (Mid/Late 2007 or newer) — Model Identifier 3,1 or later
           4. MacBook Air (Late 2008 or newer) — Model Identifier 2,1 or later
           5. Mac mini (Early 2009 or newer) — Model Identifier 3,1 or later
           6. Mac Pro (Early 2008 or newer) — Model Identifier 3,1 or later
           7. Xserve (Early 2009) — Model Identifier 3,1 or later
  To find the model identifier open System Profiler in the Utilities folder. It's displayed in the panel on the right.
  Are my applications compatible?
           See App Compatibility Table — RoaringApps.
  Upgrading to Lion
  If your computer does not meet the requirements to install Mavericks, it may still meet the requirements to install Lion.
  You can purchase Lion at the Online Apple Store. The cost is $19.99 (as it was before) plus tax.  It's a download. You will get an email containing a redemption code that you then use at the Mac App Store to download Lion. Save a copy of that installer to your Downloads folder because the installer deletes itself at the end of the installation.
       Lion System Requirements
         1. Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7,
             or Xeon processor
         2. 2GB of memory
         3. OS X v10.6.6 or later (v10.6.8 recommended)
         4. 7GB of available space
         5. Some features require an Apple ID; terms apply.

• Is application developed by servlet more secure than jsp?

  jsp has appeared, but someone still use servlet.
  Those reason is that servlet can make application higher security. Is it true?

  Servlets are no more secure than JSPs, because JSPs are servlets - they're just another way of building the same thing. There is nothing you can do in a JSP that you can't do in a servlet or vice versa.
  Why switch to or from JSPs or servlets? - you should be using both. Use servlets for heavy processing logic and JSPs for presentation (MVC pattern). That way you get maximum separation of logic and presentation. You can pretty much let HTML developers work normally, then come along afterwards and stick a little bit of Java code in the page to make it all dynamic. Better still, you can create easy-to-use custom tags that your HTML developers can easily understand without needing any programming experience. This leaves you free to work on the logic in the back-end.

• Is firefox ACTUALLY more secure than Internet Explorer 8?

  Hello Mozilla forum members. I am currently a Firefox user. An NSSLabs test claims Internet Explorer 8 is the most secure web browser. Some other sources also agree. Can anyone tell me if this is true? Thanks!
  Here is the link: http://nsslabs.com/test-reports/NSSLabs_Q12010_BrowserSEM_Summ_FINAL.pdf
  == I was browsing through the Microsoft site and the NSSLabs site.

  Depends on how much you want to trust a company that has a history of accepting vendor funding, like from M$.
  http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8
  http://www.networkworld.com/news/2009/091009-nss-labs-independent-testing.html
  And you need to question why they were testing Firefox 3.5.7 in January 2010 when the very stable beta 4 of Firefox 3.6 was available at that time. I was using 3.6b4 and <u>'''never'''</u> had a problem.
  AND......'''~~red:they were not testing the browsers~~'''. <u>'''What, you say?'''</u>
  Look at footnote 1 on page 3 of the full report ( http://nsslabs.com/test-reports/NSSLabs_Q12010_GTRBrowserSEM_FINAL.pdf ):
  '''''Note: This study does not evaluate browser security related to vulnerabilities in plug-ins or the browsers themselves.'''''
  So what was NSS Labs testing? Section 1 (pages 5-6) explains that. Reading Section 1.2, they were testing the ability of Google Safe-Browsing (in the case of Firefox) and the protection that it affords in keeping users from even getting onto malicious sites. I do not know what the other tested browsers use for comparable protection. Do you? I would not depend on Google Safe Browsing or any other such service for my full protection. Would you?
  Moving on, read Section 2.1.1 carefully...."''1,756 potentially malicious sites''" pared down to 562 sites, but their methodology in choosing the 562 sites is not explained. What if the other 1,194 sites had been included? Would it have changed the results or conclusions reached? You should be saying "Hmmmmmmmm" at this point.
  Do yourself a favor:
  -Read such reports carefully and <u>'''in full'''</u> (not just the summary) with your brain "in-gear".
  -Keep all of your system defenses up-to-date, firewall, AV/AS, scan regularly with multiple scanners (none is 100% correct, 100% of the time). IMPORTANT: Never run over-lapping security applications (i.e., 2 firewalls, 2 anti-virus/anti-spyware) at the same time. Two is NOT better than one in this case.
  -Do you know what '''services''' and '''processes''' are running on your system, why they are running and what the function of each might be? Do you '''actively''' monitor incoming and outgoing connections? Do you log connections and review them?
  -Don't visit questionable sites (porn, warez, less than legal music and video download sites, etc.)
  -Base part of your judgement on your own experience; have you experienced any security related problems with what you are using? If so, then make a change <u>'''NOW'''</u>!
  Good luck.

• UAG DirectAccess more secure than 2012 DirectAccess in edge scenario by default ?

  I installed 2012 DirectAccess in Edge configuration, first interface connected to intranet and second interface connected to internet.
  When I did port scanning from internet, to my suprise there is about 1000 port open to internet. 85% are high ports, and rest are well-know ports.
  Ports like tcp 3389, tcp 135, tcp 445 are open to everybody by default.
  Isn't this enormous security issue ? At least it should be mentioned somewhere ?
  So options are, you manually configure windows firewall rules or you put your DirectAccess server behind edge firewall, or you build you DirectAccess with NAT.
  With UAG DirectAccess you really did not have this problem, you opened to internet only the few ports that were needed for DirectAccess. UAG DirectAccess was easily built
  without an edge firewall.
  Thanks,
  -oraat

  Hi, Although technically Windows has a very good firewall a DirectAccess Server is an Edge device that should always be located behind a front-end firewall. And optionally in front of a back-end firewall. Maybe the following post I have answered provides
  you a bit more information:
  UAG to 2012 R2 - Edge Device concern
  https://social.technet.microsoft.com/Forums/forefront/en-US/bf3a5e9a-6f06-4e72-a907-67df1672224e/uag-to-2012-r2-edge-device-concerns?forum=forefrontedgeiag
  Boudewijn Plomp, BPMi Infrastructure & Security
  Please remember, if you see a post that helped you please click "Vote as Helpful" and if it answered your question, please click "Mark as Answer".

• Anything more secure than a password protected .img created in disk utility

  subject says all.
  Message was edited by: dnaginzter

  256-bit encryption is what SSL certificates use (the "lock" symbol you see when you go to a banking website). They're highly regarded in the industry as pretty much the pinnacle of practical encryption.
  Again, the password is usually the weak spot. Even with 256-bit encryption, if your password is "password" or "12345", a cracker will be able to access your files pretty quickly.
  As usual, there's an xkcd page for this situation.
  Matt

• Is Firefox x64 more secure against Malware attacks than Firefox x32?

  I have a Windows 7 Home Premium SP1 x64 computer. It is my understanding that Windows 7 HP SP1 x64 is more secure against Malware-Virus attacks then Window 7 HP SP1 x32.
  I am using Firefox 6.0B2 x32 and just started also using Firefox 8.0A1 x64. Both are working fine.
  Is the x64 version of Firefox more secure than the x32 version against Malware-Virus attacks on a Windows 7 SP1 x64 computer simply because it is x64.

  No, it isn't.

• IPhone 4 - More secure restrictions passcode

  Hello All,
  We're just about to equip our 16 year old with an iPhone 4 ... I've gone through and setup certain restrictions on the phone, assigned the required passcode ... however, is there any way at all to enable something more secure than just a 4 digit code?  In the end, a 16-year old and enough banging away on it and sooner or later they'll crack it, given only 4 digits.
  Appreciate all advise and guidance.
  Ken

  I don't believe so. If you have that little trust for your 16 year old, perhaps you should not be giving them a smartphone to begin with.

• Hi all, just downloaded a security update on my new iphone 4S.  The phone may be more secure but all the Aps icons have been downgraded in quality. Why would this be and how can I get smart looking aps back? Regards Steve

  Hi all, just downloaded a security update on my new iphone 4S.  The phone may be more secure but all the Aps icons have been downgraded in art quality why would this be.  Before the download the phone looked the business definitely high end quality now it looks like a second rate cheapo.  Please advise how to get the smart Aps icons back. Best regards SuttertonSteve

  Hi KiltedTim, as a newbie to Apple, iphones and forums I would appreciate an explanation of the 'Trolls and Mods' comments on your posting.  I presume the Mods are Apple sentinels but am I really a Troll just because I made a criticism of the new iOS version (even though I did not know I was actually doing that).  Am I a Troll to you because you personally disapprove of criticism of the new iOS or is Troll used by the community to describe anyone who speaks up if they are not happy about a change.  Please understand that by asking these questions it is not my intention to be confrontational (I’ve been called far worse than a Troll over the years) but as I’m new to the group an insight into the politics may be beneficial.  I’m an Old **** who isn’t technically gifted and may need the help of this group in the future so I don’t want to stand on anyone’s toes. Best regards Suttertonsteve.  

• Disk Utility: for bad blocks on hard disks, are seven overwrites any more effective than a single pass of zeros?

  In this topic I'm not interested in security or data remanence (for such things we can turn to e.g. Wilders Security Forums).
  I'm interested solely in best practice approaches to dealing with bad blocks on hard disks.
  I read potentially conflicting information. Examples:
  … 7-way write (not just zero all, it does NOT do a reliable safe job mapping out bad blocks) …
  — https://discussions.apple.com/message/8191915#8191915 (2008-09-29)
  … In theory zero all might find weak or bad blocks but there are better tools …
  — https://discussions.apple.com/message/11199777#11199777 (2010-03-09)
  … substitution will happen on the first re-write with Zeroes. More passes just takes longer.
  — https://discussions.apple.com/message/12414270#12414270 (2010-10-12)
  For bad block purposes alone I can't imagine seven overwrites being any more effective than a single pass of zeros.
  Please, can anyone elaborate?
  Anecdotally, I did find that a Disk Utility single pass of zeros seemed to make good (good enough for a particular purpose) a disk that was previously unreliable (a disk drive that had been dropped).

  @MrHoffman
  As well pointed your answers are, you are not answering the original question, and regarding consumer device hard drives your answers are missleading.
  Consumer device hard drives ONLY remap a bad sector on write. That means regardless how many spare capacity the drive has, it will NEVER remap the sector. That means you ALWAYS have a bad file containing a bad sector.
  In other words YOU would throw away an otherwise fully functional drive. That might be reasonable in a big enterprise where it is cheaper to replace the drive and let the RAID system take care of it.
  However on an iMac or MacBook (Pro) an ordinary user can not replace the drive himself, so on top of the drive costs he has to pay the repair bill (for a drive that likely STILL is in perfect shape, except for the one 'not yet' remaped bad block)
  You simply miss the point that the drive can have still one million good reserve blocks, but will never remap the affected block in a particular email or particular song or particular calendar. So as soon as the file affected is READ the machine hangs, all other processes more or less hang at the same moment they try to perform I/O because the process trying to read the bad block is blocking in the kernal. This happens regardless how many free reserve blocks you have, as the bad block never gets reallocated, unless it is written to it. And your email program wont rewrite an email that is 4 years old for you ... because it is not programmed to realize a certain file needs to be rewritten to get rid of a bad block.
  @Graham Perrin
  You are similar stubborn in not realizing that your original question is awnsered.
  A bad block gets remapped on write.
  So obviously it happens at the first write.
  How do you come to the strange idea that writing several times makes a difference? How do you come to the strange idea that the bytes you write make a difference? Suppose block 1234 is bad. And the blocks 100,000,000 to 100,000,999 are reserve blocks. When you write '********' to block 1234 the hard drive (firmware) will remap it to e.g. 100,000,101. All subsequent writes will go to the same NEW block. So why do you ask if doing it several times will 'improve' this? After all the awnsers here you should have realized: your question makes no sense as soon as you have understood how remapping works (is supposed to work). And no: it does not matter if you write a sequence od zeros, of '0's or of '1's or of 1s or of your social security number or just 'help me I'm hold prisoner in a software forum'.
  I would try to find a software that finds which file is affected, then try to read the bad block until you in fact have read it (that works surprisngly often but may take any time from a few mins to hours) ... in other words you need a software that tries to read the file and copies it completely, so even the bad block is read (hopefully) successful. Then write the whole data to a new file and delete the old one (deleting will free the bad block and ar some later time something will be written there and cause a remap).
  Writing zeros into the bad block basically only helps if you don't care that the affected file is corrupted afterwards. E.g. in case of a movie the player might crash after trying to display the affected area. E.g. if you know the affected file is a text file, it would make more sense to write a bunch of '-' signs, as they are readable while zero bytes are not (a text file is not supposed to contain zero bytes)
  Hope that helped ;)

• Which is less/more secure, Mac OS 10.4.11 or Mac OS 10.6.8?

  I understand that both Mac OS 10.4.11 and Mac OS 10.6.8 have security holes, and that 10.4.11 is no longer supported.  If neither 10.4.11 nor 10.6.8 are supported, and if unpatched vulnerabilities in 10.6.8 are worse than those in 10.4.11, then I presume that, because fewer people use 10.4.11, nobody will attack it, whereas many people use 10.6.8 which makes it more attractive to hackers.
  Therefore, my question is this:  did 10.5.x and/or 10.6.x (and their respective Safari versions) introduce new security vulnerabilities that are not present in 10.4.11, or are all of Snow Leopard's (or Safari 5.1.10's) critical security vulnerabilities inherited from earlier versions such as Tiger?

  Most people would likely disagree with me, & although higher versions of OSX got Security fixes, I think older is or can be made more secure.
  TenFourFox for PPC & Firefox for Intel is a more advanced Browser than Safari in either version.
  I consider Little Snitch essential for security also in 10.4.11 to 10.10.2
  There are also some security fixes for 10.4, 10.5, 10.6 that you can apply yourself, here's a link to Bash fixes & maybe ntpd fixes...
  For 10.4/10.5 PPC...
  http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html
  For 10.6...
  http://x704.net/bbs/viewtopic.php?f=12&t=7156&p=89620&hilit=bash#p89620

• Is more security needed with no default getaway?

  Hi!
  I have base only Arch installation for running one Linux compatible application on it. I wander with two questions.
  Do I need to configure through iptables command to get more security or it is unnecessary as I have no default getaway and have route added for two subnets?
  If using iptables is addhelpful in my case how can I install iptables (my Arch base installation writes "not found")? I need short instruction.
  Thank you!

  ralvez wrote:If your system is connected to a network (LAN) and has NO OPEN ports via services, in other words: you are not running a mail service or Apache server, then just enter "ALL:ALL" in /etc/hosts.deny  and that's all you need.
  My system is connected to Internet directly. I have forwarded one TCP and one UDP port. My DSL modem does not allow me to prevent inbound traffic by its firewall (it is not possible to forward ports for special IP addresses/subnets, ports are always open for all IPs for inbound traffic) This is the reason I removed default getaway in Arch and added two needed subnets (It helped me really. My system was overloaded with unwanted traffic. Now unwanted traffic flow is stopped)
  ralvez wrote:If you want to have ssh access to that box you can add the IP address of the machine you want to allow to connect to that box in /etc/hosts.allow
  What do you mean by "ssh access to that box"?
  ralvez wrote:but if you want to "push" the boundaries any further I would add a firewall via IPTABLES
  Yes, I want more security as possible but do I need it in my case? (I do not know)

• Hi i  insttalled the free trial 3O days MacScan on OsX10.5 is it normal that for full scaning it takes so long time more even than one day?! on the other hand this application hasn't any uninstaller on image disc ,so how can i uninstal it from my hard?

  Hi i  insttalled the free trial 3O days MacScan on OsX10.5 is it normal that for full scaning it takes so long time more even than one day?! on the other hand this application hasn't any uninstaller on image disc ,so how can i uninstal it from my hard?Thanks

  Get rid of the tracking cookies. They are used to profile and track your browsing history. While they are privacy invading, by calling them spyware, MacScan is being a little dramatic in trying to sell you its crap. And in the future, for whatever browser you use, don't allow third-party cookies.
  To prevent tracking, get Ghostery. In addition to having Ghostery and forbidding third-party cookies, I clear out all cookies from one browsing session to another. If you always do that, you won't have any tracking cookies to worry about, so you won't need MacScan to find them for you. Btw, MacScan finds the tracking cookies in the first few minutes of scanning; if you want to use it for that, then that's all the time you need to run it for. But, as I said, you won't have any tracking cookies around if you just remove all cookies and don't allow third-party cookies. As soon as you visit a site that needs them, you'll just get new ones. No problem.
  Read all about cookies here.
  http://en.wikipedia.org/wiki/HTTP_cookie

• From what vendors i can get more security provider in addition oracle seurity provider ??

  hi all    
  need to more security provider that produced by vendors other than oracle         
  please help me
  thanks a lot

  You can develop your own custom providers
  Simple Sample Custom Database Authenticator for Oracle Weblogic Server 11g
  http://weblogic-wonders.com/weblogic/2014/01/13/simple-sample-custom-identity-asserter-weblogic-server-12c/

• Refresh portlet report more frequently than once per hour

  When you publish a report from discoverer in the portal, you can tell it to automatically refresh, but the most frequent refresh it allows is once per hour. Is there some way I can refresh a report more frequently than that? Can I use the scheduled workbook functionality to achieve this, since in there you can schedule it to run as frequently as once per minute.
  I'm using Discoverer 10.1.2.
  Thanks
  -Nissim

  These are two different schedulers...
  We are considering changing the UI to let the users specify a schedule frequency more frequent than once an hour. But that is in a future, as yet undecided release.
  For the time being, you can resort to hacks to refresh Discoverer portlers more frequently than an hour. Some information on the same is available on Metalink. I shall see if I can publish in the next few days a blog post on how to do that. Of course you have to realize that something like this is not encouraged or supported.
  Thanks
  Abhinav