|
Primarily the reason why I use Window's AV and have had issues in the past with McAfee after un-installation resulting in my computer being proliferated with Trojans and other malicious software and know others whom encountered the same. Regardless the discussion is flying off on tangents, but honestly [I don't and will not buy into the innocent, 3rd party blanket association]. Take care.
There are white hats out there (awesome thing), but that's a veil for some.
I was unaware of that...
|
|
|
|
|
I can't remember the producer or the channel I saw the documentary/interview about McAfee (the man), but there were live Q&A sessions with him; I want to say it was a National Geographic documentary produced by one of their branches that research topics outside of geography & wild life.
Regardless, was an eye opener --wish I could offer more help on the matter, but feel a search could reveal the video and feel it's a good hour or so spent. The vid is after the acquisition of McAfee, and McAfee (the man) is definitely convinced that someone or a group is out for his blood, but never definitively says why or whom skirting questions regarding the topics.
Seriously, who benefits more from the continued existence of malware then those out to put an end to it (might be the reason McAfee is paranoid); amazing that every machine I say that had McAfee AV then decided to drop it was immediately infected with a critical virus within 2 weeks tops. AV could have been the first form of ransom ware for all we know. Something to think about.
Anyway, was good chatting with ya!
I was unaware of that...
|
|
|
|
|
Well, first, if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
Second, the UI systems I've seen use dmesg to bypass the normal IO flow, and assign permissions to grant permissions to the UI, not the user, to perform tasks such as shutdown and network configuration. It does this specifically so the system can have base-level users that don't want to get into the system administration game.
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
Nathan Minier wrote: if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote: If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
|
|
|
|
|
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of runnign them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Indeed; that the case even on Windows: I've lost count of the number of times I've tried to save a change I made to the hosts file, but then forgot I had launched Notepad without explicitly doing so as an admin. No way around that without re-launching.
|
|
|
|
|
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator".
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
That's too obvious a solution.
Considering the downsides...meh. I suppose if I launch Notepad with a file...what's the (unintended) harm I could possibly do...?
Consider it done.
|
|
|
|
|
dandy72 wrote: I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Wow. No, I said if you're using a UI for production critical tasks you're doing it wrong.
dandy72 wrote: What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
Yes, just like Windows does.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
Nathan Minier wrote: Wow. No, I said if you're using a UI for production critical tasks you're doing it wrong.
...and thus, since most Linux distributions include a UI that gets installed by default, my comment stands...no?
I feel like we're splitting hairs here...
|
|
|
|
|
I'm sorry, I sometimes forget that not everyone's "production environment" consists of servers and infrastructure.
No, in fact. I haven't used a Linux distro that installs a UI by default in many, many years. In general I'm using RHEL, CentOS, and - for my project boxes - Arch.
One of my basic criteria for selecting a distro is that it does not run a Display Manager (GUI), as that is a considerable increase in terms of system footprint that needs to be secured. This is a fairly standard mindset from a server SysAdmin point of view; security and compliance are hard enough without throwing unnecessary bells and whistles into the mix.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
Well, we're certainly not disagreeing.
I just felt you were making a very broad, blanket statement.
Amongst those you've mentioned, I've tinkered with RHEL and CentOS, but always with a GUI. I'm not so hardcore yet as to live off of the terminal window by itself.
|
|
|
|
|
I don't know where you got that subject line from, but...
Linux is a Unix clone; its architecture is a carbon copy of Unix. And Unix was never planned, designed.
The *nix process concept was a created as a mechanism to let the space ships of the Space Invasion game to come increasingly closer while you were scratching your head. The shell is the Space Invasion command interpreter loop. They needed a language for programming the whole thing, and threw up a number of language constructs in a messy pile - C is the most explisitly non-designed language that I have ever come across. And it shows!
I would be curious to know where this "though-out" is found. Most of the thinking has been spent on "How shall we clean up this terrible mess?" To some degree, the question has been evaded by stating "That is not our problem" (e.g. higher level protocols, file system structures, synchronization, shared data, user identification) - keep it simple; if it simpler than necessary, claim that it improves clarity! Slowly, a few mechanisms crept in: Existence of a file was replaced by a binary semaphore (so that we didn't have to worry about concepts such as critical regions and monitors...), we got .so libraries, and if you were an expert, you could set up segments of the data segment as shared.
X.11 could be patched on top to give the illusion of event-driven system design - but worked only for the mouse and keyboard. Exception handling was kludged onto the C language, and so was OO. For threads we had several years with competing kludges.
I never saw a speck of "design" work behind the *nix operating system, and very little in the activities closely related to it (such as the C language and communication protocols). For some protocols, the IETF simply had to make major cleanups, e.g. in the SMTP protocol and a number of others, and it is clear for everybody to see that all the old critisisms of "non-*nix-style" starndardization work becomes increasingly appliccable to *nix and TCP/IP protocols standardization.
|
|
|
|
|
I don't know where you're coming from (especially when you're only known here as "member 7989122"), but I think a conversation between yourself and Linus Torvalds would be fascinating.
I'm not being facetious.
|
|
|
|
|
If he pays a visit to Kargasniemi or Karesuvanto, I'll probably be passing both towns during my vacation this summer. But I guess that if he is back in his homeland then, he will probably stay much further south in the country. I have never visited the south of Finland - I would like to spend a vacation there, but I guess I'd prefer it to be a vacation. Not for discussing OS design (and lack thereof).
I guess my need for fierce turf wars is fully satisified during my working day. If I should happen to meet one of the big gurus by accident, I would probably do as I use to when meeting people with strong opinions and egos: Act a lot less experienced than I am, but rather poke him with some far more thought out questions that they initially appear, to have him reveal more of his real thoughts and approaches to things, when he doesn't feel that he has to "defend" things, but rather "explain". You reveal a lot more when you explain. And the listener, me, can place "naive" questions at the right time to dig far deeper than what comes out of a turf war.
Sidetracking: One of my friends, on his way to becoming a top rate DBMS expert in the 1980s, had the database guru Jim Gray as his idol. At VLDB conferences, he was chasing Grey, hoping to one day get so close that he could say that he had been touching Jim Gray's coat
Then, one day at a VLDB conference, he saw Jim Gray coming right at him, cheering: "Hi, I hear that you guys are from Norway, is that right? Getting drunk with Norwegains is always great fun! Would you like to come along for a drinking night?" ... My friend went along, and the two became friends for live: When my friend married, Gray crossed the Atlantic to be his best man. I don't know if they ever were discussing database systems. Most likely they did, but that is not what formed a close friendship.
|
|
|
|
|
I'm not even sure your base premise is correct, since Windows was developed as a single user system and Linux a multi user system.
As for your observation about Linux shutdown, running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do. The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode. I suspect the remote X-Windows GUI will require sudo to operate, just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
|
|
|
|
|
obermd wrote: running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do
I agree entirely. I was just pointing out the inconsistency.
obermd wrote: The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode
That's probably the best response I've seen yet this thread. I wouldn't suggest however this is a great assumption to make.
obermd wrote: I suspect the remote X-Windows GUI will require sudo to operate,
Maybe it does, I haven't tried. I suspect you're right.
obermd wrote: just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
It's inconsistent for sure (across the multiple versions of Windows, and workstation- vs server versions), and I know I've seen policies to display/remove the option. But now that you bring this up, when you do have the option, Windows does warn you if you're about to do a shutdown and it knows other users are currently logged in. Given that's the case, I have to wonder why a UI-initiated shutdown request wouldn't do the same on Linux. It could be based on the assumption you put forth, but then, doing the check and putting up a warning as Windows does seems like a no-brainer to me.
All this to say...none of this is a "flaw" and I'm sure it's a deliberate design decision. And it'd be interesting to read the arguments that have been made on either side.
|
|
|
|
|
dandy72 wrote: I was just pointing out the inconsistency.
I think it's more accurate to call it a "security comprimise", because it's specifically intended to work that way. I don't see it as inconsistent.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Weird discussion in case of Win10. I use linux subsystem for linux within it. You can choose some linux distributions from windows store. I use, for example, firefox in linux on Win10 with success..
|
|
|
|
|
I'm glad you acknowledged that, I was about to, when to my surprise the last comment finally did.
I was also going to point out that there was an awful lot of discussion about other OSes when clearly the OP just wanted to complain about Windows. But then again, there's plenty of discussion here when someone just asks a question that can be answered "yes" or "no."
|
|
|
|
|
I'm not prejudiced -- they both suck!
Over the past few weeks I have been trying to sort out a Linux X-Windows problem. Too many versions, too many updates, too little adequate documentation, too many kids putting out messages on forums, too little design thoughtfulness, too many cryptic names ... I could go on for days.
Prior to that, I was trying to sort out a Window's UEFI dual boot problem. Same for Windows...and add too many internal functions that I don't need...or want, too many hidden telemetry functions that I don't trust, too many legacy functions that really should have been updated, too much being forced to do things MS's way....and on, and on, and on.
I want a clean, simple, understandable, capable, stable system that, in Apple's words, "just works". (I am not a fan of Apple either, but that's another story.)
I find too much of my time is spent nowadays sorting out interaction problems and managing updates. And I'm not getting done what I want to get done.
Not, back to figuring out why my abacus gave me a different answer than my slide rule.
|
|
|
|
|
I understand exactly what you're saying.
The problem is, we need someone to hit the Reset button and start with a whole new OS.
The problem with that is that it'd be expected to be compatible with everything else that already exists, else it's a non-starter. There's just so much baggage to worry about, such a project IMO would never get off the ground. So what do we do?
|
|
|
|
|
I've been doing some sideline research on what it would take to hit the Reset button (I like the way you phrased that!).
I wonder if that's what Google, Apple, etc., did when they came out with things like Android. OS'es don't have to be as complex as Windows or as convoluted as Linux.
Both have good features but carry so much legacy garbage that they become virtually unusable. Both are based on 1970's technology and little has been done to start from scratch, probably because nobody has the deep pockets or the will power to do it.
Things that might be done differently, IMO, include a programming language that is less error prone and more readable than current languages like C++ and javascript; consistent, clear naming conventions for utilities like using "copy" instead of "cp", less emphasis on "themes", better version and dependency usage, less hardware variation thus avoiding driver issues...just to name a few.
Scrapping compatibility goes a long way towards solving a lot of the legacy issues. Scrapping the idea of "being all things to all people" takes it even further.
Then, getting management out the picture would help as well. (I can't tell you how many times I've heard a manager say something like "We need to do....because _____ (fill in his favorite competitor) is doing it."
Or, maybe Artificial Intelligence will bring some real intelligence to the issue.
Just my thoughts.
|
|
|
|
|
rjmoses wrote: Scrapping compatibility goes a long way towards solving a lot of the legacy issues. Scrapping the idea of "being all things to all people" takes it even further.
When I read this I immediately thought "tablets".
They had a good run, companies made billions from them, but every market analyst is now saying sales have flatlined, if not declined altogether, for the past few years and there's no sign of that ever reversing course. Already.
They do a good job of "not being all things to all people", and for a lot of them this is all they need. But it's clear right now they're never going to be a complete replacement for what came before (and I'm not sure honestly if that was ever anyone's stated goal), and because of that, instead of simplifying things, they now add to the ecosystem complexity. I don't see how we can achieve a "full reset". Maybe a giant, planet-wide EM pulse like they like to do in the movies.
|
|
|
|
|
The general thinking is that if you have access to the console running the UI, then you also have access the the power button.
If your machine is genuinely multiuser, then there should be some system configuration to prevent a user from shutting down the system remotely.
|
|
|
|
|