
Re: default messaging/VoIP client for Debian 8/Jessie



previously on this list Russ Allbery contributed:

> > I guess you missed all the exploits in JAVA over the years and
> > especially last year where it was banned for long periods from all
> > browsers. To the point that the pressure is building on web hosts to
> > drop JAVA KVM clients completely.  
> 
> Most of the exploits in Java (I have no idea why you write the word in all
> caps)

Just from the logo, the one I see on Windows boxes as I don't really
see one anywhere else and avoid it wherever possible and which is the
correct stance to take for multiple reasons.

http://blog.trendmicro.com/trendlabs-security-intelligence/java-native-layer-exploits-going-up/

> are flaws in the sandbox security model.  While those are real
> vulnerabilities in the context of running untrusted Java applets
> downloaded from the network, they're not horribly interesting in the
> context of running trusted applications installed through normal signed
> apt repositories.
> 

Not horribly interesting isn't saying much and the ridiculous number of
vulns on osvdb this year alone not to mention the bloatedness and
ability to run jars in such a complex beast outside the unix security
model by default is more than enough to rule out any default java apps
in I'm sure many people's opinion. Heck CESG guidelines say to get rid of
small parsers like perl and shell access.


-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems its 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)

_______________________________________________________________________

