Definitions for Windows viruses, so your mac can say "virus detected!!" and give you the warm fuzzies that symantec (or whoever) are protecting you from a (currently) non-existant threat, so you continue to put up the cash...
I would add that all the eye-candy type shit does is make the code more vulnerable to exploitation.
It's additional program code (no doubt, running as "system") that does not need to be there. More code = more code to check for security/safety = more likely it will be exploitable.
As proven last year (from memory) when Symantec(?) had an exploitable hole in their firewall software.
The difference is, that Linux is usable by a power user without logging in as root, via use of SUDO (or SU) to do what you need to do when you need to do it.
Windows is getting better in that respect (run-as), but it's still not exactly functional in my experience.
Half the games out there need to run as administrator - and if you're going to suggest I go through and figure out how to set them up not to, then that defeats the purpose of using windows because it's "easy to use"...
Yeah, i've done that before (5-7 years ago, I needed to use LookOut to be able to use the company exchange server) - other than that, all my work was being a Unix sysadmin-geek), however these days, all Windows is really *necessary* for is games.
Well, if you're going to exclude the one solution that will let you run Windows programs, you're fucked, aren't you?
You will be able to buy music online from Yahoo as MP3. There are other alternatives to MS money.
If you feel that the anal rapage microsoft is delivering to you is fair price for the two minor problems that you face in migration, then fair enough. Stick your head in the sand, bend over, and take it. Enjoy.
Myself, I'll be using Win2k for games until it's no longer feasible. Which i don't see happening any time soon, as my main gaming interest seems lately to be Falcon4: Allied force and a few older games.
By the time Win2k is no longer usable, I'll be either 100% linux/BSD, and/or OS/X.
The difference is that the info to FIX your linux problems is actually available (if, at times, a little difficult to find), without whipping out your credit card before you're actually guaranteed any sort of resolution.
I could list several problems I've had with Windows that have simply had *no solution available* unless perhaps I was to call microsoft, wait on hold and then whip out my credit card for support by some helpdesk gumby running off a cheat-sheat. Fuck that.
I'm not going to bother listing them in detail, other than say that media player, Internet Explorer and issues with multi-boot scenarios are the main problems I've had, as it's largely irrelevant.
In 10 years of using Linux (and BSD) I've never come across an operating system issue that the only solution was to reformat/reinstall/change hardware configuration. If necessary, I've been able to take issues all the way to the original coder (not that I've had any to speak of, but I did for example submit a spelling/grammar correction to FreeBSD's "man jail":))
However, the golden rule is to read carefully, google thoroughly and then be selective about who you deal with for support. Ignore the fuckwits.
To be honest, if you're too lazy to look up what APT is for example, then that's not a fair comparison to the fact that you're willing to google for your windows problems by yourself - and you deserve to be flamed.
I dunno about you, but I can go to the store, buy a 4 CD game, come home and install it - all within a couple of hours or less - without using any of my bandwidth (monthly quota, but even if i wasn't paying for it, it would be utilising my connection while i could be using it for other things).
I'm not sure what your bandwidth is, but if you can download 2gigs worth of data or so in significantly less time than that, your internet cock must be huge...
Plus, I get a nice printed manual, etc...
As they say, don't underestimate the bandwidth of a set of CDs...
Repeat after me, You *do not* need to buy a high end video card.
I have not spent more than $220 (australian) on a video card in about 10 years.
And I usually run the more recent games too - you just have to be selective about what you buy, and realise that no, you don't need 90fps with all details on in every game on the market...:)
My Geforce 4200 served me well for 3 years, and my 6600GT did for the past year as well before I just replaced it (entire machine) with a 7600GT.
How about instead of chasing the 60% of the market, cater to the rest of us who do play games that don't neccessarily require Alienware or some juiced-up PC game station
If you don't have a kick-ass system, then the bargain bin full of yesterday's classics should run just fine.
New games should, if it will enhance the experience, push the envelope hardware-wise. Why? Because otherwise people are not going to push the hardware industry along if all they've got to run on their $2000+ machines is a copy of pac man... and this would be bad. With no "early adopters" to push the hardware, we'd still be running crap like Alley Cat, sopwith, etc on monochrome PC XTs...
Plus, games programmers are attracted to projects that are interesting to program. And pushing the envelope is exactly that...
If you can't run the game today, by the time you upgrade machines down the track it will be in the bargain bin and still available...
I do agree however that gameplay should be number 1...
If you put out something that is less entertaining to somebody than continuing on with their WOW character online, then of course it's not going to sell to WOW owners.
Myself, I don't own/play WOW (I play Eve online a bit instead), but that's how I see it.
The only difference between WOW and traditional games is the long-term playability from the online aspect.
However, I can confirm that Diablo 1/2 had exactly the same effect for me (bought fewer games) - in fact I just fired up Diablo2 again last weekend:D
Upgrade from XP to 2000, which doesn't insist on installing WGA before you can install updates, runs faster, and generally pisses you off less by trying to do stuff behind your back.
If someone finds out your password (and you use it for a lot of remote systems), you need to change it on all those remote systems. In this respect, a public/private key pair is no different...:-\ You'll need to install/send the new public key to each system.
One thing i forgot. If you suspect your private key is compromised, you should of course ALSO tell anyone who uses the public-key half of it (ie, any admin of a machine you've sent your public key to) to revoke it's access.
Yes, if someone nabs your key, it's a risk. The password will slow them down however, and if you notice that you've been r00ted and suspect you've had a key stolen, you should generate a new pair.
Also, what i used to do at my previous employer where i used keys, was store my private key on my USB memory stick, and only plug it in when i'm likely to be using it.
That way I can carry it with me, and someone needs to steal it, then know what it is, before they can use it:)
If you only allow logins to the machines you access from ONE central machine (eg, your workstation) and then secure that workstation's private key (eg, on removable media, or a well firewalled/well secured machine that doesn't allow public access), you can reduce the risks.
Of course, the private key is gold though. Password protect it, and as soon as you suspect that it's been stolen, you should generate a new key-pair.
Or even better, they'll realise that the whole concept of passwords is broken and they'll start using private/public keys like everyone else with an internet-connected machine who cares about security.
Or, see the post below mine, which doesn't do it ass-about, and relies on the end user to generate the key-pair and send the public key to the system admin of the device you want to access.
The public key can be stolen/seen - it can't be used for authentication, so you avoid the requirement for a secure channel to transmit your private key back to you.
I'm just used to dealing with users who don't know how to generate their own private keys, so i do it for them... and have to give them their private key myself...
You are given a "private key" (optionally further secured by a password), by the administrator of the system that corresponds to the public key on the server.
Instead of your password being sent to the server, authentication is performed by using your private key to send encrypted information to the ssh server, which is then decrypted/authenticated with the public key. If the keys don't match (as a "keyed" pair, they're not identical), you don't get in.
Compared to passwords (which are typically 8 characters or less), the public/private key pairs can be 1024 bits or larger, and randomly generated (as opposed to passwords which are very NOT random).
This makes the whole setup more secure.
The password (optional) on your private key simply stops (or rather, slows down) someone who has stolen/obtained access to your private key from being able to use it without supplying a password.
If the private key is lost/stolen, you simply revoke it by generating a new public/private key pair, and reissue the private key to the end user via a "secure" channel (physical media, one time passworded connection or whatever).
That's the laymans rundown... technically it might happen a little different to that, but that's the general idea..
I mean, it's one thing to use an insecure password on your personal machine - but using an insecure password on a common development machine for a fairly high profile project is just irresponsible.
Locking them out is totally fair, and imho it's the responsible thing to do.
STRONG passwords should be enforced (hell, mandatory keyed logins would be better) on machines like this (which are fairly attractive targets for abuse)...
Definitions for Windows viruses, so your mac can say "virus detected!!" and give you the warm fuzzies that symantec (or whoever) are protecting you from a (currently) non-existant threat, so you continue to put up the cash...
I would add that all the eye-candy type shit does is make the code more vulnerable to exploitation.
It's additional program code (no doubt, running as "system") that does not need to be there. More code = more code to check for security/safety = more likely it will be exploitable.
As proven last year (from memory) when Symantec(?) had an exploitable hole in their firewall software.
Ah yes, it was symantec: http://www.theregister.co.uk/2004/05/13/symantec_f irewall_flaws/
So yeah, AV software writers should concentrate on writing AV software, not entries into Assembly '06...
So uh... what do you use your internet connection for again? :D
I can keep my machine secure by disconnecting it from the network as well, doesn't mean it's a feasible idea for most people...
Windows is getting better in that respect (run-as), but it's still not exactly functional in my experience.
Half the games out there need to run as administrator - and if you're going to suggest I go through and figure out how to set them up not to, then that defeats the purpose of using windows because it's "easy to use"...
And VMWARE is shit for games :-\
Well, if you're going to exclude the one solution that will let you run Windows programs, you're fucked, aren't you?
You will be able to buy music online from Yahoo as MP3. There are other alternatives to MS money.
If you feel that the anal rapage microsoft is delivering to you is fair price for the two minor problems that you face in migration, then fair enough. Stick your head in the sand, bend over, and take it. Enjoy.
Myself, I'll be using Win2k for games until it's no longer feasible. Which i don't see happening any time soon, as my main gaming interest seems lately to be Falcon4: Allied force and a few older games.
By the time Win2k is no longer usable, I'll be either 100% linux/BSD, and/or OS/X.
The difference is that the info to FIX your linux problems is actually available (if, at times, a little difficult to find), without whipping out your credit card before you're actually guaranteed any sort of resolution.
I could list several problems I've had with Windows that have simply had *no solution available* unless perhaps I was to call microsoft, wait on hold and then whip out my credit card for support by some helpdesk gumby running off a cheat-sheat. Fuck that.
I'm not going to bother listing them in detail, other than say that media player, Internet Explorer and issues with multi-boot scenarios are the main problems I've had, as it's largely irrelevant.
In 10 years of using Linux (and BSD) I've never come across an operating system issue that the only solution was to reformat/reinstall/change hardware configuration. If necessary, I've been able to take issues all the way to the original coder (not that I've had any to speak of, but I did for example submit a spelling/grammar correction to FreeBSD's "man jail" :))
However, the golden rule is to read carefully, google thoroughly and then be selective about who you deal with for support. Ignore the fuckwits.
To be honest, if you're too lazy to look up what APT is for example, then that's not a fair comparison to the fact that you're willing to google for your windows problems by yourself - and you deserve to be flamed.
Bah. The one post today I don't preview, and it's fucked :D
I'm not sure what your bandwidth is, but if you can download 2gigs worth of data or so in significantly less time than that, your internet cock must be huge...
Plus, I get a nice printed manual, etc...
As they say, don't underestimate the bandwidth of a set of CDs...
PC gaming is more expensive yes, however the upgrades are tax-deductible and also serve useful for other things...
I have not spent more than $220 (australian) on a video card in about 10 years.
And I usually run the more recent games too - you just have to be selective about what you buy, and realise that no, you don't need 90fps with all details on in every game on the market... :)
My Geforce 4200 served me well for 3 years, and my 6600GT did for the past year as well before I just replaced it (entire machine) with a 7600GT.
If you don't have a kick-ass system, then the bargain bin full of yesterday's classics should run just fine.
New games should, if it will enhance the experience, push the envelope hardware-wise. Why? Because otherwise people are not going to push the hardware industry along if all they've got to run on their $2000+ machines is a copy of pac man... and this would be bad. With no "early adopters" to push the hardware, we'd still be running crap like Alley Cat, sopwith, etc on monochrome PC XTs...
Plus, games programmers are attracted to projects that are interesting to program. And pushing the envelope is exactly that...
If you can't run the game today, by the time you upgrade machines down the track it will be in the bargain bin and still available...
I do agree however that gameplay should be number 1...
Myself, I don't own/play WOW (I play Eve online a bit instead), but that's how I see it.
The only difference between WOW and traditional games is the long-term playability from the online aspect.
However, I can confirm that Diablo 1/2 had exactly the same effect for me (bought fewer games) - in fact I just fired up Diablo2 again last weekend :D
I think the new Nvidia drivers have some sort of cleartype-ish stuff in them too, because it certainly looks less ugly than before I upgraded to XP...
Less security problems as well :D
I'll bet dollars to donuts that maybe 1-2% of users actually *do*
The downside of passwords compared to keys is that they're many many times easier to brute force...
If someone finds out your password (and you use it for a lot of remote systems), you need to change it on all those remote systems. In this respect, a public/private key pair is no different... :-\ You'll need to install/send the new public key to each system.
One thing i forgot. If you suspect your private key is compromised, you should of course ALSO tell anyone who uses the public-key half of it (ie, any admin of a machine you've sent your public key to) to revoke it's access.
Yes, if someone nabs your key, it's a risk. The password will slow them down however, and if you notice that you've been r00ted and suspect you've had a key stolen, you should generate a new pair.
Also, what i used to do at my previous employer where i used keys, was store my private key on my USB memory stick, and only plug it in when i'm likely to be using it.
That way I can carry it with me, and someone needs to steal it, then know what it is, before they can use it :)
If you only allow logins to the machines you access from ONE central machine (eg, your workstation) and then secure that workstation's private key (eg, on removable media, or a well firewalled/well secured machine that doesn't allow public access), you can reduce the risks.
Of course, the private key is gold though. Password protect it, and as soon as you suspect that it's been stolen, you should generate a new key-pair.
Hope that helps... :)
Or even better, they'll realise that the whole concept of passwords is broken and they'll start using private/public keys like everyone else with an internet-connected machine who cares about security.
This wasn't a remote exploit.
If you give away logins on any machine, people will likely be able to use some local exploit to own the box.
Most of the Windows security problems we bitch about involve REMOTE exploits with no user account necessary.
The public key can be stolen/seen - it can't be used for authentication, so you avoid the requirement for a secure channel to transmit your private key back to you.
I'm just used to dealing with users who don't know how to generate their own private keys, so i do it for them... and have to give them their private key myself...
How it works:
You are given a "private key" (optionally further secured by a password), by the administrator of the system that corresponds to the public key on the server.
Instead of your password being sent to the server, authentication is performed by using your private key to send encrypted information to the ssh server, which is then decrypted/authenticated with the public key. If the keys don't match (as a "keyed" pair, they're not identical), you don't get in.
Compared to passwords (which are typically 8 characters or less), the public/private key pairs can be 1024 bits or larger, and randomly generated (as opposed to passwords which are very NOT random).
This makes the whole setup more secure.
The password (optional) on your private key simply stops (or rather, slows down) someone who has stolen/obtained access to your private key from being able to use it without supplying a password.
If the private key is lost/stolen, you simply revoke it by generating a new public/private key pair, and reissue the private key to the end user via a "secure" channel (physical media, one time passworded connection or whatever).
That's the laymans rundown... technically it might happen a little different to that, but that's the general idea..
Locking them out is totally fair, and imho it's the responsible thing to do.
STRONG passwords should be enforced (hell, mandatory keyed logins would be better) on machines like this (which are fairly attractive targets for abuse)...
I was here before UIDs, just didn't bother to get one for like a week.
Wonder how many of the old crowd still frequent this place?