Richard Bucker

iterm2, tmux and the ever-present security

Posted at — Mar 1, 2012

Being a freelance consultant I worry a lot. I worry that I might lose or misplace my laptop or worse that it falls into the hands of someone with less than honorable intentions. Of course you might also install a trojan or be attacked by a virus through multiple vectors.

As a result my clients' secret sauce falls into the wrong hands; or maybe my family’s private information is leaked, like credit cards or SSN.

This and far worse is possible. Unfortunately there are no absolutes. Not even if you built your OS and applications from scratch. First of all there is not enough time to code review everything you’d need. You are probably not a programmer and if you are there is only a slim chance that you can code everything from a video device driver to a web server and a word processor. (There are only a few on the planet and I’m certainly not one of them.)

So the best way to protect yourself is a layered approach. Pay for your hardware from somewhere reputable: HP, Dell, Apple. Pay for your operating system or at least get it from a source with a profit motive: Red Hat, Fedora, Ubuntu, CentOS, Microsoft or Apple. When you are installing Free software, look for the profit motive. If you find one then it might be safe. If not then avoid it and look for one to pay for. OpenOffice is a good choice because it was once part of Sun but before that it might have been questionable. The same can be said for websites, RSS feeds, torrents and so on. And have some checks and balances. For example I use Little Snitch and Apple’s firewall software to make sure that applications running on my computer do not have random access to the internet.

The profit motive is a strong magnet. It’s what drives the thieves and it’s also what will protect you.

So as I sit here playing with iTerm2, which I have been using for a long while, and tmux, I’m starting to get a case of butterflies. I’m confident that these programmers are good and lawful but I don’t know them personally. The fact that one of them could put in a key logger and then stream that data to their servers makes me sick. (Hopefully Little Snitch will catch it but it’s not foolproof.)

Anyway, practice safe computing.