You pretty much can't deny it. Settings in Linux are everywhere. Most applications have their own configuration file, while Gnome has a registry-like config.
It comes from the Unix philosophy: lots of simple programs, each which does its own job very well. When trying to build a system out of these parts, it's simply going to be all over the place. It doesn't bother me too much--I read the manual, find out where to change the setting, change it, and then I'm done. It's not always intuitive, though, so people who are accustomed to just being able to figure it out by tinkering will often have problems.
You're also spot on about customization. It's the bread-and-butter of Linux, and it's why I love it. I can make my computer behave the way I want it to--I'm not stuck with dictated standards from Apple or Microsoft.
That's fair. You've got a citation that says it. At least you aren't talking out of your ass.
I'm going to stand by my earlier statement, though.
An extra click to perform administrative tasks does not mean that they aren't running as administrator. I realize now that I should have stopped when I said:
If you think that the extra clicks makes it more secure, then I'm afraid we won't be finding much common ground in this discussion. and you said
Yes, it does
I know about those, but they're nowhere near as easy to use as NoScript. The main thing that NoScript does better is that it will show you all of the sites used on the current page, with options to allow them individually (and temporarily, if you like.)
Opera's preferences don't make it easy. If an embedded bit of code is executing Javascript (dangerous, but sometimes useful), it can be pretty hard to track down what you need to explicitly allow. Another problem is that when you have a large list of sites with preferences, the site dialog box slows to a crawl (at least, I experience this on my machine.) When I try to manage scripting in Opera, I tend to use site preferences until I hit a site with embedded code from another host, then I'll turn on Javascript globally (because it's a pain to track down which site I need to allow), and I'll usually forget to turn it off when I'm done. That may be my own failing, but with Firefox, it's never something I have to worry about because of the NoScript extension.
I tend to use the Opera+Firefox solution. I use Opera for day-to-day browsing and Firefox for anything Flash other than Youtube. The only thing I miss in Opera is NoScript.
The thing is, applications are moving away from the desktop and towards the web because of the users. They are they ones who think that Internet Explorer takes them to the entire Internet. They are the ones who don't understand that you can access the Internet in other ways.
I don't see this really catching on. One of the few good things about webmail is that it gives a consistent interface no matter where you are, and you don't have to install anything special in order to use it. Bringing applications back to the desktop is a step backwards from this, and while many of us don't think it's a bad thing, many users will not see this as advancement.
DVDs have region coding to censor content in accordance with regional customs and laws. You may have bought into some propaganda. Region coding was solely there to protect release dates and pricing structures. Release dates because in some cases, a movie would be released on DVD in the US before it even made it to the theaters in Europe. Pricing structures because the US DVD tended to be cheaper than other DVDs.
Incidentally, HD-DVD doesn't include region coding, though Bluray does.
Blue Pill doesn't pose risks to virtual environments--it poses risks to machine with hardware virtualization enabled. It's irrelevant whether or not virtualization is actively being used. Furthermore, virtualized environments without hardware virtualization (such as is offered by new Intel and AMD chips) are immune to Blue Pill.
Bugs aren't always exploitable, and the common classes of errors which lead to exploitable code are well known. Thus, for small projects, even if you can't squash all of the bugs, it's pretty likely that you can squash all of the exploitable bugs (at least, those with known attack vectors.)
Assuming this is done, you're now left with a monolithic guest kernel (probably with many exploitable bugs) and a hypervisor with extremely difficult-to-exploit bugs. Is it more than 1? Yes, so strictly speaking, it does make it less secure. But it doesn't make it significantly less secure, and the benefits will likely outweigh the negligible security hit.
Why would you need root? If the vulnerability were in hardware, and was not in a privileged instruction, a guest with low-level access could still quite possibly compromise the hypervisor.
I've been on Slashdot long enough to know that the below is an acceptable rebuttal:
It doesn't really matter how big the operating system's attack surface to the outside world is, as long as a process running on top of it is in any way able to compromise it. If this is the case (and I don't really doubt it), a hole in one of your processes and the operating system will allow an attacker not only to compromise all identical processes, but all processes to which said operating system has access to. This has the potential to trade whatever efficiency gains running multiple processes on a single operating system provides for complete lack of control over the whole network from two small vulnerabilities.
Security is all about layers. It's about doing many things to keep your systems from becoming compromised, so that if any one of them fails, hopefully the others will minimize or mitigate the damage. If I jail a service, that's one more barrier that an attacker must overcome to get control of the bare metal. In this case, although you're adding complexity, it's possible that it increases security overall. If that process which I jailed happens to be init, and it happens to load an entire new instance of the OS, that doesn't change anything.
What can't be said is that virtualization will be as secure as running several, physical boxes (assuming there is no trust relationship between the boxes). In a virtualized scenario, a compromise on either the host or any of the guests will make it easier to attack the other guests/host. In a scenario where each machine is on separate hardware, this is not the case.
I don't understand your first point. You can "Skip the Inbox" in GMail (equivalent to archiving immediately.) The mail doesn't show up in your inbox at all. You can also delete messages if you really want to, so that they aren't anywhere in your GMail. And so what if the system has extra load--do you see it when Google's the one running the system?
The other thing that folders have that labels don't is easy drag/drop assignment. If I get an email about a subject and it's missed the filtering I can drop it directly into the correct folder in one movement. Labels just can't do that. Yeah, the extra movement of clicking a checkbox (or clicking on the e-mail) is pretty costly. I see where you're coming from now.:)
In GMail, it takes three clicks to apply a label, and one more if you also want to archive it. This is whether or not you want to read the message at the same time. In other webmail clients, it's also multiple clicks--unless they've changed recently, they don't offer much in the way of drag-and-drop. I can't speak for GMail IMAP, as my account hasn't been upgraded yet, but from the explanation of GMail-to-IMAP function mappings, it looks like moving a message to an IMAP folder in your client will have the same effect as removing the Inbox label (archiving it) and applying the new label (moving it to a new folder.) So I guess I'm still at a loss as to what you can't seem to do with labels.
I'm sure that no small part of it was designing a way to handle the protocol. Since Gmail does labels instead of folders and archives mail to remove it from the inbox, it definitely acts a bit differently from the way that we traditionally think of mail. Mapping those functions to IMAP functions was probably non-obvious.
The issue is that the documentation states that it returns nonzero, but doesn't explicitly state what it returns. This is useful for adding functionality later on. You've got a multitude of possible error codes that the function can return, and if you need to add more in a later release, you can do so.
Checking for a specific error code (in this case, the integer 1) rather than checking for !success is a stupid way to program. If the developer had adhered to the API, they wouldn't have been bitten in the ass when the function was extended.
Could you provide technical documentation to support your claim? Because from my personal experience, it's just not true.
UAC (the bit of Windows that darkens the screen and makes you click "Continue" to perform administrative actions, and which alternatively asks for a password if you aren't already running as a user who has administrative rights) is just a bit of code put between the UI and the underlying system calls. It's quite easily removable (reference here: http://blogs.msdn.com/tims/archive/2006/09/20/763275.aspx). If you remove UAC, you're left with an operating environment very similar to XP, in that administrative actions go completely unchecked by the OS, as long as you have permission to perform the action. If you don't have permission (for example, you're running as a non-administrator, or you don't have some particular token that provides the permission), then you will simply be denied access to whatever you were trying to do.
UAC was touted by Microsoft as the end-all be-all of security, and it looks like you've fallen for this hook, line, and sinker. The truth is that it's great in theory, but in practice, it's just one more dialog box for users to click through whenever they're trying to do something on their computer. In theory, UAC prevents unknown processes from subverting the system because the user will know that they didn't initiate the action that prompted UAC intervention, and they will click cancel. In practice, they'll want to get their stupid elf-bowl game working or read the e-card that a random stranger sent them, so they'll click continue so they can get back to it.
But the key, and what seemingly lead to this absurd thread, is that they are still running as administrator. It may not be the administrator username, but that's just a label. The privileges are what matter, and in Vista, they've got the privileges (barring group policies or someone intelligent setting the computer up so that they're running as an unprivileged user.) An extra click to perform administrative tasks does not mean that they aren't running as administrator. I don't understand why this is so hard to understand.
I'd love to be proven wrong. I'd love for Windows to become more secure, because simply, it would make my life easier. Please prove me wrong, but actually prove it, because the words "Technically, you are never admin under Vista," really hold no water.
`(c) OTHER RIGHTS, ETC., NOT AFFECTED- (1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
My understanding is that fair use is still a legitimate affirmative defense against the DMCA.
You're not. Read something about it. You read something about it. If you weren't an administrator, you'd have to input the administrator password in order to elevate the privileges. It may seem like semantics, but it's an important difference. UAC when you're an administrator is kinda like aliasing "rm=rm -i" when you're root. You're still root, but the system makes sure that you wanted to perform that action.
No, see the point is that you're still running as admin--it's just that administrative duties still require an extra (few) clicks. If you think that the extra clicks makes it more secure, then I'm afraid we won't be finding much common ground in this discussion.
Music from labels don't just sound the same. There are a wide variety of styles and genres. Some are developed more than others, but that's based on popularity more than anything, which is good. I would much prefer music production to be skewed on popularity than anything else. The labels only reflect what people want. I know that there are different genres, but within each genre, you've got music that almost sounds identical. You rarely get artists on labels who are able to push the envelope and put out something really fresh or new. That said, you're right--if it sells, it must be something that the people are willing to buy. I just don't think that it significantly promotes the arts to rehash the same music and lyrics over and over.
That said, I also know that there's a huge market for non-popular music. I'm no music geek, but I do have a few off-the-radar favorites like Feist (now getting more attention due to recent Apple iPod commercials), Flogging Molly, Nerf Herder, and The Refreshments (who did get a little radio play 10 years ago, but not nearly as much as they deserved.) When I let other people listen to these CDs, they tend to really enjoy the music and rush out to buy their own copies. These artists, though, don't get a lot of notice outside of the small circles of people who know about them, but almost every song on each of their CDs is really quite good, unlike the pop idols that have one or two good songs per CD, with the rest being filler. Of course, all of that is my opinion, but in discussions with other music lovers, we often have a consensus.
So I guess the point of the rambling is this: does copyright, which lends itself to big conglomerations recycling music in order to generate revenue significantly promote the arts? Is a greater body of work in the public domain more or less important than the revenue stream that the labels get?
Since most new works will effectively never fall into the public domain anymore, we have to look at illicit works that derive from currently-copyrighted material. The best example I can think of is The Grey Album. It's fantastic, it draws from the Beatles and Jay-Z, and it's definitely not just a rehash of other music, despite the fact that it uses almost nothing but other artists' work.
We certainly don't want unlimited copyright, but it's kinda hard to do legitimate civil disobedience because right now, you're very unlikely to get caught and face the consequences. It just becomes the selfish act that I talked about before. The Pirate Bay, in facilitating illegal behavior (even if they aren't doing anything illegal themselves), are drawing attention to the issue. I wish they'd talk more about why copyright is out of hand right now, but they do occasionally talk about the issues of copyright, pros and cons (well, mostly cons), etc. Because of the nature of the press and the fact that individual copyright infringement cases don't tend to get a lot of notice, sites like TPB may be the best shot at bringing attention to the issue.
I recently bought a new off-the-shelf computer with Vista. It was a Major Brand, so I imagine that there are a lot of this particular computer out there.
On this computer, Vista is set up such that the first user you create is in the Administrators group. What this means is that you never have to enter any passwords to do administrative tasks--you just have to click "Continue" a few dozen times. The user will probably do this to get back to whatever they're doing without even reading the prompt or understanding it. They're still admin, they just have an extra click in order to do system tasks that XP users don't have.
Now the same thing could be said of having to enter a password--that they'll just blindly do it. If that's true, then Linux is probably even less secure than Windows, since with Linux, you don't have to enter the password for 5 minutes (the default) after the last time that you ran sudo.
Slashdot Mirror
You pretty much can't deny it. Settings in Linux are everywhere. Most applications have their own configuration file, while Gnome has a registry-like config.
It comes from the Unix philosophy: lots of simple programs, each which does its own job very well. When trying to build a system out of these parts, it's simply going to be all over the place. It doesn't bother me too much--I read the manual, find out where to change the setting, change it, and then I'm done. It's not always intuitive, though, so people who are accustomed to just being able to figure it out by tinkering will often have problems.
You're also spot on about customization. It's the bread-and-butter of Linux, and it's why I love it. I can make my computer behave the way I want it to--I'm not stuck with dictated standards from Apple or Microsoft.
I'm going to stand by my earlier statement, though. An extra click to perform administrative tasks does not mean that they aren't running as administrator. I realize now that I should have stopped when I said: If you think that the extra clicks makes it more secure, then I'm afraid we won't be finding much common ground in this discussion. and you said Yes, it does
Amazon's service isn't really meant to replace servers. It's meant to replace number-crunching boxes.
I know about those, but they're nowhere near as easy to use as NoScript. The main thing that NoScript does better is that it will show you all of the sites used on the current page, with options to allow them individually (and temporarily, if you like.)
Opera's preferences don't make it easy. If an embedded bit of code is executing Javascript (dangerous, but sometimes useful), it can be pretty hard to track down what you need to explicitly allow. Another problem is that when you have a large list of sites with preferences, the site dialog box slows to a crawl (at least, I experience this on my machine.) When I try to manage scripting in Opera, I tend to use site preferences until I hit a site with embedded code from another host, then I'll turn on Javascript globally (because it's a pain to track down which site I need to allow), and I'll usually forget to turn it off when I'm done. That may be my own failing, but with Firefox, it's never something I have to worry about because of the NoScript extension.
Does the desktop you're sshing from not have a browser? I don't understand the difference, here.
I tend to use the Opera+Firefox solution. I use Opera for day-to-day browsing and Firefox for anything Flash other than Youtube. The only thing I miss in Opera is NoScript.
The thing is, applications are moving away from the desktop and towards the web because of the users. They are they ones who think that Internet Explorer takes them to the entire Internet. They are the ones who don't understand that you can access the Internet in other ways.
I don't see this really catching on. One of the few good things about webmail is that it gives a consistent interface no matter where you are, and you don't have to install anything special in order to use it. Bringing applications back to the desktop is a step backwards from this, and while many of us don't think it's a bad thing, many users will not see this as advancement.
Incidentally, HD-DVD doesn't include region coding, though Bluray does.
Blue Pill doesn't pose risks to virtual environments--it poses risks to machine with hardware virtualization enabled. It's irrelevant whether or not virtualization is actively being used. Furthermore, virtualized environments without hardware virtualization (such as is offered by new Intel and AMD chips) are immune to Blue Pill.
It's really a completely different subject.
Bugs aren't always exploitable, and the common classes of errors which lead to exploitable code are well known. Thus, for small projects, even if you can't squash all of the bugs, it's pretty likely that you can squash all of the exploitable bugs (at least, those with known attack vectors.)
Assuming this is done, you're now left with a monolithic guest kernel (probably with many exploitable bugs) and a hypervisor with extremely difficult-to-exploit bugs. Is it more than 1? Yes, so strictly speaking, it does make it less secure. But it doesn't make it significantly less secure, and the benefits will likely outweigh the negligible security hit.
Why would you need root? If the vulnerability were in hardware, and was not in a privileged instruction, a guest with low-level access could still quite possibly compromise the hypervisor.
I've been on Slashdot long enough to know that the below is an acceptable rebuttal:
It doesn't really matter how big the operating system's attack surface to the outside world is, as long as a process running on top of it is in any way able to compromise it. If this is the case (and I don't really doubt it), a hole in one of your processes and the operating system will allow an attacker not only to compromise all identical processes, but all processes to which said operating system has access to. This has the potential to trade whatever efficiency gains running multiple processes on a single operating system provides for complete lack of control over the whole network from two small vulnerabilities.
Security is all about layers. It's about doing many things to keep your systems from becoming compromised, so that if any one of them fails, hopefully the others will minimize or mitigate the damage. If I jail a service, that's one more barrier that an attacker must overcome to get control of the bare metal. In this case, although you're adding complexity, it's possible that it increases security overall. If that process which I jailed happens to be init, and it happens to load an entire new instance of the OS, that doesn't change anything.
What can't be said is that virtualization will be as secure as running several, physical boxes (assuming there is no trust relationship between the boxes). In a virtualized scenario, a compromise on either the host or any of the guests will make it easier to attack the other guests/host. In a scenario where each machine is on separate hardware, this is not the case.
In GMail, it takes three clicks to apply a label, and one more if you also want to archive it. This is whether or not you want to read the message at the same time. In other webmail clients, it's also multiple clicks--unless they've changed recently, they don't offer much in the way of drag-and-drop. I can't speak for GMail IMAP, as my account hasn't been upgraded yet, but from the explanation of GMail-to-IMAP function mappings, it looks like moving a message to an IMAP folder in your client will have the same effect as removing the Inbox label (archiving it) and applying the new label (moving it to a new folder.) So I guess I'm still at a loss as to what you can't seem to do with labels.
Although if you're using filters, you can use the "Skip the Inbox" action to automatically archive it, removing the Inbox label.
Clicking the archive button in Gmail is equivalent to removing the invisible "inbox" label. So deleting it in your IMAP client should archive it.
I'm sure that no small part of it was designing a way to handle the protocol. Since Gmail does labels instead of folders and archives mail to remove it from the inbox, it definitely acts a bit differently from the way that we traditionally think of mail. Mapping those functions to IMAP functions was probably non-obvious.
The issue is that the documentation states that it returns nonzero, but doesn't explicitly state what it returns. This is useful for adding functionality later on. You've got a multitude of possible error codes that the function can return, and if you need to add more in a later release, you can do so.
Checking for a specific error code (in this case, the integer 1) rather than checking for !success is a stupid way to program. If the developer had adhered to the API, they wouldn't have been bitten in the ass when the function was extended.
Could you provide technical documentation to support your claim? Because from my personal experience, it's just not true.
UAC (the bit of Windows that darkens the screen and makes you click "Continue" to perform administrative actions, and which alternatively asks for a password if you aren't already running as a user who has administrative rights) is just a bit of code put between the UI and the underlying system calls. It's quite easily removable (reference here: http://blogs.msdn.com/tims/archive/2006/09/20/763275.aspx). If you remove UAC, you're left with an operating environment very similar to XP, in that administrative actions go completely unchecked by the OS, as long as you have permission to perform the action. If you don't have permission (for example, you're running as a non-administrator, or you don't have some particular token that provides the permission), then you will simply be denied access to whatever you were trying to do.
UAC was touted by Microsoft as the end-all be-all of security, and it looks like you've fallen for this hook, line, and sinker. The truth is that it's great in theory, but in practice, it's just one more dialog box for users to click through whenever they're trying to do something on their computer. In theory, UAC prevents unknown processes from subverting the system because the user will know that they didn't initiate the action that prompted UAC intervention, and they will click cancel. In practice, they'll want to get their stupid elf-bowl game working or read the e-card that a random stranger sent them, so they'll click continue so they can get back to it.
But the key, and what seemingly lead to this absurd thread, is that they are still running as administrator. It may not be the administrator username, but that's just a label. The privileges are what matter, and in Vista, they've got the privileges (barring group policies or someone intelligent setting the computer up so that they're running as an unprivileged user.) An extra click to perform administrative tasks does not mean that they aren't running as administrator. I don't understand why this is so hard to understand.
I'd love to be proven wrong. I'd love for Windows to become more secure, because simply, it would make my life easier. Please prove me wrong, but actually prove it, because the words "Technically, you are never admin under Vista," really hold no water.
`(c) OTHER RIGHTS, ETC., NOT AFFECTED- (1) Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
My understanding is that fair use is still a legitimate affirmative defense against the DMCA.
You're not. Read something about it. You read something about it. If you weren't an administrator, you'd have to input the administrator password in order to elevate the privileges. It may seem like semantics, but it's an important difference. UAC when you're an administrator is kinda like aliasing "rm=rm -i" when you're root. You're still root, but the system makes sure that you wanted to perform that action.
No, see the point is that you're still running as admin--it's just that administrative duties still require an extra (few) clicks. If you think that the extra clicks makes it more secure, then I'm afraid we won't be finding much common ground in this discussion.
That said, I also know that there's a huge market for non-popular music. I'm no music geek, but I do have a few off-the-radar favorites like Feist (now getting more attention due to recent Apple iPod commercials), Flogging Molly, Nerf Herder, and The Refreshments (who did get a little radio play 10 years ago, but not nearly as much as they deserved.) When I let other people listen to these CDs, they tend to really enjoy the music and rush out to buy their own copies. These artists, though, don't get a lot of notice outside of the small circles of people who know about them, but almost every song on each of their CDs is really quite good, unlike the pop idols that have one or two good songs per CD, with the rest being filler. Of course, all of that is my opinion, but in discussions with other music lovers, we often have a consensus.
So I guess the point of the rambling is this: does copyright, which lends itself to big conglomerations recycling music in order to generate revenue significantly promote the arts? Is a greater body of work in the public domain more or less important than the revenue stream that the labels get?
Since most new works will effectively never fall into the public domain anymore, we have to look at illicit works that derive from currently-copyrighted material. The best example I can think of is The Grey Album. It's fantastic, it draws from the Beatles and Jay-Z, and it's definitely not just a rehash of other music, despite the fact that it uses almost nothing but other artists' work. We certainly don't want unlimited copyright, but it's kinda hard to do legitimate civil disobedience because right now, you're very unlikely to get caught and face the consequences. It just becomes the selfish act that I talked about before. The Pirate Bay, in facilitating illegal behavior (even if they aren't doing anything illegal themselves), are drawing attention to the issue. I wish they'd talk more about why copyright is out of hand right now, but they do occasionally talk about the issues of copyright, pros and cons (well, mostly cons), etc. Because of the nature of the press and the fact that individual copyright infringement cases don't tend to get a lot of notice, sites like TPB may be the best shot at bringing attention to the issue.
Almost.
I recently bought a new off-the-shelf computer with Vista. It was a Major Brand, so I imagine that there are a lot of this particular computer out there.
On this computer, Vista is set up such that the first user you create is in the Administrators group. What this means is that you never have to enter any passwords to do administrative tasks--you just have to click "Continue" a few dozen times. The user will probably do this to get back to whatever they're doing without even reading the prompt or understanding it. They're still admin, they just have an extra click in order to do system tasks that XP users don't have.
Now the same thing could be said of having to enter a password--that they'll just blindly do it. If that's true, then Linux is probably even less secure than Windows, since with Linux, you don't have to enter the password for 5 minutes (the default) after the last time that you ran sudo.