Slashdot Mirror


User: coryking

coryking's activity in the archive.

Stories: 0
Comments: 1,534

Comments · 1,534

  1. That Virii is as easy as a local root exploit on Ubuntu Wipes Windows 7 In Benchmarks · · Score: 1

    Just because joe-user doesn't have write access to a system file, or they don't have execute permissions on a mounted disk doesn't mean they don't have write access to a system file, or they don't have execute permission on a mounted disk. All it takes is a single exploit of some poorly coded program to happily grant them permission.

    Linux boxes are not immune to ownage. All boxes are able to be owned. All it takes is a badly administrated box--the parent is right.

  2. The last resort of the conspiracy nut on US Becomes Top Wind Producer; Solar Next · · Score: 1

    Pardon me, but you sound like a wind developer

    Anybody who supports any technology made by any company is obviously a paid shill for $COMPANY or $TECHNOLOGY. Likewise, anybody who argues against $TECHNOLOGY or $COMPANY is a paid shill by those in $OLD_INDUSTRY.

    In other words all arguments for and against anything are done by paid shills. Won't somebody think of the children!?

  3. Re:Installers shouldn't need root on Users' Admin Logins Make Most Windows Malware Worse · · Score: 1

    The installer has elevated privs, so I bet you are right that the spawned processes inherit the permissions. I bet this is the "correct" behavior because how would you differentiate between the setup program spawning some process that does more installation stuff and the final launch of the program?

    My hunch is Firefox is doing something wrong in their setup program. I wouldn't be surprised given they don't distribute an MSI, they probably are using some crazy install software rather than something that produces a standard installer.

    I bet there is a way to spawn a process that doesn't inherit the installer's permissions. Probably one little check box in the install creator or one flag in the system call. In fact, IIRC the install software I usually use, InstallAware, might have the "don't inherit permissions" checkbox--I'd have to check.

  4. The article mostly proves on Users' Admin Logins Make Most Windows Malware Worse · · Score: 1

    That there are:

    1) A lot of people who've never used Vista seem to have strong opinions about its workings.
    2) The very same people seem to think they know what UAC actually does.
    3) They are wrong.

    UAC = "sudo [program name]"

    That is all it is. No more, no less. No magic heuristics--the program has to request elevation, Vista doesn't just wait for the program to write to a non-authorized area (unless it is an old-school setup program written in the dark ages, in which case Vista *does* guess about the need to elevate the installer).

  5. How would a grace period work? on Users' Admin Logins Make Most Windows Malware Worse · · Score: 1

    UAC elevates a single program to root, not the user. If you allowed a grace period, what would be elevated during the allotted time? The program? A command shell? The user's shell (i.e. the desktop and everything running in it)?

    Seems to me if UAC elevates any more than the single program that asked to be elevated, you'll make the system significantly less secure. I really don't understand how a grace period would work.

  6. Re:I've never understood the problem here on Human-Animal Hybrids Fail · · Score: 1

    That is a pretty lousy viewpoint that places a hell of a lot of faith in science. Our scientific process, as it exists right now, can only scratch the surface of the reality around us. We are probably hundreds of years from learning anything about what consciousness means and we may never know. Science has no understanding of what happened before the big bang, and really the big bang itself is only a fairly descriptive theory. Science will never answer *why* the universe exists or *why* we are here to observe it.

    Methinks you place far too much faith in science. Science is great, but it can only answer so much.

  7. Re:I've never understood the problem here on Human-Animal Hybrids Fail · · Score: 1

    we could all be the same conscience with multiple viewports to the physical reality

    The funny bit is, really views like this are actually the simplest explanation. Once you throw out the idea that you are a unique snowflake and the odds of "you being you" are basically 1 in every single life form on earth, including trees, it becomes vastly simpler to say "you are basically everybody and when you die, you just go back into the pool of everything-ness".

    Short answer: be nice to the creatures around you--you probably are them, or were them, or will be them.

  8. The mistake they made in JP on Human-Animal Hybrids Fail · · Score: 1

    The big mistake was using Apple Computers to control the whole park. Had they used a proven system, maybe the dinosaurs would have never escaped containment. Maybe somebody here should write the director and find out.

    On the same token, it was the Apple Computer who uploaded the virus onto the alien spacecraft in Independence Day. Some here would argue Windows would have been more effective, but I'm not so certain.

    I don't really know where I'm going with this, but according to the product placement I've seen in movies, Macs tend to be in the middle of tricky movie situations. This should be considered when creating your own private human-animal hybrid.

  9. no, he did not understand it at all on Security Hole In Windows 7 UAC · · Score: 1

    Words have specific meanings and "You are not inputting a password to authenticate higher privileges. You already have them" means one doesn't know what they are talking about. That statement is *not* true. You do *not* have higher privileges no matter who you are. You need to go through a UAC dialog to elevate the privileges of a program.

    If AC knew what he was talking about, he'd draw a line between the wheel group and the Vista admin group. They are somewhat alike, though on many unix systems a person in "wheel" can do all kinds of root-like things without the use of sudo--this is not true on Vista.

    The fact that the AC says "input your password" says he is either a very good troll or has never used Vista in his life. People in the admin group never have to input their password.

  10. Holy crap on FBML Essentials · · Score: 1

    Wow. That is the only nice looking myspace page I've ever seen.

  11. In the ideal world on Making the "Free" Business Model Work In a Tough Economy · · Score: 1

    Our law dudes would go after the person who put the paid content on a p2p network. This being the internet, doing so is currently difficult and not foolproof.

    Ideally, you'd go to jail for stealing somebody's intellectual property just like you would stealing any physical property. And I'm dead serious. And if you aren't as serious as I am, you clearly don't understand F/OSS depends on the same protection of intellectual property non-F/OSS does.

  12. IRS tax forms on FSFE Launches Free PDF Readers Campaign · · Score: 2, Interesting

    That is the first that comes to mind. Validation on forms. See also: Your IRS 1040

  13. Is there another document format on FSFE Launches Free PDF Readers Campaign · · Score: 0, Redundant

    That works exactly like PDF that is 100% Stallman approved F/OSS?

    You can print PDF files out of Word with a free download. There are Perl libraries, PHP libraries and C libraries to create PDF files.

    There isn't anything Stallman Free(tm) in existence that does anything close to PDF. And by "close to" I mean has a GUI and is brain dead easy for print shops, design studios, web publishers, API writers and end users to install and use.

  14. That is about a penny of disk space. on FSFE Launches Free PDF Readers Campaign · · Score: 1

    Disk space is dirt cheap. That is less than a penny of disk space. Looking over my Reader directory, there is about 32 megs of localization resources. 2 megs of fonts. 40 megs of plugins. 102 megs of setup files so you can repair/change the installation. The actual core binaries seem to be under 5 megs.

    There is probably a good reason these are so large anyway--developer time is vastly more expensive than disk space and PDF is a pretty complex beast.

    Is it really worth spending months to create more brittle, less readable yet highly optimized code so you can save a penny of disk space?

  15. Re:UAC is a stupid idea on Security Hole In Windows 7 UAC · · Score: 1

    (I know it's to elevate privs, but the distinction is academic)

    Actually, UAC prompts to elevate privs too--really there is no difference. UAC = a GUI version of sudo.

  16. This is completely false. on Security Hole In Windows 7 UAC · · Score: 4, Informative

    That is 100% not true. Your user account *is running as a regular user* no matter what group it is in. It doesn't matter if you are in the admin group (unless you stupidly disable UAC, in which case you basically run as root).


    "UAC" = "sudo [program name]"
    "Vista, Administrator Group" = "your account is in /etc/sudoers with 'username = NOPASSWD: [your program]'"
    "Vista, non admin group" = "sudo [program name] with password, but that depends on the group policy... "

    Your highly moderated post is 100% misinformation and is *not true*. YOU ARE NOT RUNNING AS ROOT UNTIL YOU ELEVATE VIA UAC!!

  17. Re:UAC isn't "security" on Security Hole In Windows 7 UAC · · Score: 1

    The problem is that you don't understand the problem. According to your +5 informative post, sudo is also a hack to get around inherent security holes in the Linux kernel, right? Because that is basically what you said.

    The problem is until UAC every damn user account was running root. UAC was Microsoft's version of sudo. A program runs as a normal user until you click through the UAC dialog and run it as root instead.

    But the real, true problem with UAC is a bunch of Unix nerds have no clue what the hell UAC actually is. UAC is nothing more than a graphical version, sometimes password-free version of "sudo [path to your program]". That is it.

  18. Let's see on Security Hole In Windows 7 UAC · · Score: 1

    In other words, you want everybody to run as root all the time, right? Because the only way to avoid having a prompt of some kind or other is to always run as root.

    How can you make a system both secure, "prompt free" *and* not have it run as root? Or is your solution to run as root 24/7? If so, sorry, been there done that, got the botnet.

  19. it raises the parental support costs on Security Hole In Windows 7 UAC · · Score: 1

    Making it harder to install "Stupid Mouse Jumps Around the Screen and Installs Spyware.exe" is a feature, not a bug.

    If that's what she wants to do, who is anyone else to tell her no?

    Well, for one I'd stop supporting her machine. Can't do that though because, you know, she is my mother and all. I can't just tell her to FOAD seeing as how she gave birth to me.

  20. Well don't do that on Security Hole In Windows 7 UAC · · Score: 1

    You have no business writing to Program Files. Do you still modify win.ini and system.ini and drop DLLs into system32 as well? Writing to Program Files is about as bad and obsolete a practice as writing to win.ini.

    Yes it is frustrating to have it redirected and maybe they should have put something in your event log to help make it obvious, but dammit, writing to Program Files was discouraged even in Windows XP. The only reason it redirects instead of totally fails is because there are gobs of badly written programs that still exist (try to write to Program Files as a normal user) and Microsoft didn't want to break all of them.

    There are APIs to get a proper place to write system-wide settings. Even then, you probably will need to get your program to elevate itself via UAC because you are modifying global stuff. I bet if you elevated your app before writing to Program Files, it wouldn't redirect (check MSDN). Remember that "admin user" doesn't mean you are running as an admin in Vista, your program has to request a UAC dialog before you run as root otherwise you run as a regular joe.

    Seriously though, try running your program as Administrator (right click on the exe and go "Run as Administrator"). See if it still redirects, I bet it doesn't.

  21. Re:Short: Don't work as Administrator on Security Hole In Windows 7 UAC · · Score: 1

    that people should not be logged into Windows boxes as if they were the Administrator of that system

    Good, because Vista and Windows 7 agree with you. Nobody runs as Admin (aka "root") on Vista or Windows 7. They only elevate individual programs to "root" through a UAC dialog. The only time this isn't true is when some fool disables UAC, in which case their account runs as root.

    The admin group in Vista/Windows 7 basically says "You can display a UAC dialog without a password on it".

  22. You learn something every day on The Case Against Web Apps · · Score: 1

    "Accesskey" is the magic attribute!

    That said, the example I found did not work in Firefox. When I hit "ALT + e", the caret did not move to the box in the example. Instead it opened the edit menu. This was the case no matter what part of Firefox had focus. ...Oh wait, I had to hit "ALT + SHIFT + E" because the access key appears to be case sensitive. Then I hit "ALT + SHIFT + P" to move to the "Phone" field and Windows Media Player popped up. I guess in Firefox the GUI takes priority over the page for access keys.

    I tried the same page in Chrome and the access key was *not* case sensitive and "ALT + E" worked just fine. IE7? Works as good as Chrome.

    Conclusion? A good idea in theory, but the browser support, at least in Firefox, is very half assed.

  23. Almost on The Case Against Web Apps · · Score: 1

    There is less reason for me to develop for IE if they're going to belligerently never fix a compatibility issue with their browser

    It doesn't do you any good if the userbase never bothers to upgrade.

    Dear IE6 users: UPGRADE!!!!!

  24. Maybe on The Case Against Web Apps · · Score: 1

    I think the parent is right. But I'll modify his prediction to say "on mobile devices". Case in point:

    Can your Java applet talk with the GPS unit on an iPhone? If no, then you write a native app.

    I can easily foresee a lot of "real" applications written for the iPhone or Android. Of course, Android might be a Java stack, I'm not sure :-)

    PS: Hopefully someday soon there will be a standard way for a JavaScript application to talk with a mobile phone's GPS. There is a *huge* potential for GPS + Mobile + Always on internet.

  25. YES!! on The Case Against Web Apps · · Score: 1

    And for the love of god, stop broadcasting our IP address!!!