Argh, I keep thinking server perspective. But one thing you could do, assuming the app is GUI is setup the system to boot straight to the app with xinit. Not hard. Better yet, boot to a wrapper script that starts the app, and on app exit, shuts down the system. Of course all of this should be run under its own user. Then setup user-based iptables rule to block any traffic that isn't x, y, or z. If the app isn't GUI things are even easier, 'cause you can just set the user's shell to the app. I'm sure there are other solutions to launching straight into the app other than bypassing the window manager for all users, but off the top of my head that's all I could think of. And ultimately, this is what I like about *nix systems: there's always a way to do it.. sometimes yeah it may be a bit hacky, but I know a solution to that particular problem wouldn't be all that hacky at all.
Well you definitely can't do time based access control very easily. But other than that, give me a task and let me see if I can think of a sane way of limiting access.:)
Oh, and now that it's not late at night, I can think a bit: Most of the things that you want to lock down that I can think of can be done so via *nix r/w/e bits in any reasonably setup system. It might not be quite as obvious as group policy, but it can get pretty dang granular.
Oh I'm not one of those "This is the year of the Linux desktop!" folks. In its current state, the Linux desktop only really works as a workstation of someone who is inclined to take the time and effort to learn both its intricacies and its (many) quirks. I absolutely love my Debian Wheezy KDE build as a development workstation, but I'm not delusional enough to think that it would serve a non-techie the same way it's served me.
What I really don't get, though, is how Microsoft has managed to gain so much ground in the development arena. All of the.NET web stuff, etc... there's plenty of open source solutions that are both more flexible and free (or cheap). Low resource requirements, excellent stability, super easy maintenance: what is there not to love? Granted, the sys admins need more experience to get started than clicking around a GUI.:)
As far as small business goes, the only trouble I see with Microsoft (from the client perspective) is the same of any large vendor: lockin. Things can get expensive fast and it's hard to jump ship.
Since we're talking desktops, sure I can see why small businesses might break even when choosing Microsoft.:) You're right, application-level security is not impressive (or even that usable) in Linux, although admittedly I don't know much about AppArmor. But then, I've never had the need in the server world to use anything like that.
I just don't trust users. I suppose one could lock the box down so no surfing could occur. That would ultimately be my concern. It's late and I think more than likely I'm being retarded.
Most likely they aren't listening on a port for anything.
Implies a simple port filter. I realize that Windows firewall can be much more fine-grained than that. But it's a moot point. My whole point is that slapping a firewall is no substitute for security updates. "Slapping a firewall on it" does not solve all of the problems with the unsupported OS being on the internet.
But that won't address security problems that arise when connecting to a server/computer, which is the vast majority of connections when a "client" in the client/server model.
Can't tell if you're serious or not... I'll bite, though. I'd love to reward them for their work if their work fit my needs/criteria, but it does not. The price tag is simply too steep. As stated earlier, if there were more options as to what sort of processing power the thing had, perhaps the price point would be more flexible but alas, there are not.
What I want:
High resolution screen
Small and lightweight form factor, preferably 11-13" screen
Affordable (definitely sub $1000)
SSD storage (optional, does not have to be huge)
Why is that not possible? Why can't they release a thin, high resolution laptop that *doesn't* play all of the latest games? Everything work-related that I do can be done on a budget dual or quad core CPU, 4 GB of RAM, and cheapo graphics.
Obviously, 11-13" is not ideal. But I'm not looking for ideal in a laptop. I'm looking for something I can take to {somewhere nice to work} for a few hours and get by. No laptop will be able to replace my desktop setup; at least not without several large displays.:) But I'd rather have a small laptop that kind of works that I will actually use than a large laptop that still kind of works that I don't want to lug around.:)
Yes, that's what I will do if I buy an Air for work. It sure would be nice if the 11" Air had a decent resolution. I don't mind whatever it is for every day use, but it's not nearly enough real estate for development. My original comment probably came across wrong: my point is there aren't enough options, it seems.. or at least not enough options at a competitive price. It'd be nice to have the option of buying a thin laptop with decent resolution with perhaps less under the hood. Not all of us need a core i7 or i5. It seems like you have to go all or nothing, thus getting stuck with a $1500+ bill.
Yes but some of us do prefer to run Linux than OSX. Granted this laptop is too expensive. I'm going to be shopping for a laptop soon and frankly I'll probably be caught between this and another MacBook Air... sigh.
... but it's Debian. Wheezy's been rock solid for quite some time now. This isn't Canonical or Microsoft. That said, Debian's the only O/S I know of that I'd remotely trust with a x.0 release.:)
No, you need to rethink your position. Jury nullification used to be common place during prohibition because the law was retarded. If the law is retarded enough to allow someone to spy on their neighbor and the jury is smart enough to recognize the stupidity of the law, they should and will just nullify it. The jury is the law in the courtroom, not the judge, not even... the law!
Interestingly, people breaking traffic laws are rarely dangerous, but the cops pulling people over almost always is. I was driving home recently, going about 5-10 over. Car ahead of me was doing maybe 2-3 MPH faster, pretty much the flow of traffic. Out of nowhere, an officer swoops in from behind me, easily going 10-20 MPH faster than I, slams on his breaks, moves into my lane, cutting me off, and pulls the poor soul over. Ridiculous. Never mind the cops who hold up traffic on busy streets for little or no reason; seems like I see that daily around here. Safety, my ass.
wealthy people are wealthy largely because their family is wealthy, not due to hard work (which anyone can do).
Citation needed. Isn't it quite possible that many wealthy people are wealthy largely because their parents taught them how to make and handle money? Yes, there are other advantages to coming from a well off family, but you can make $1m/year and still be broke if you're bad with money.
But a gigabyte is 2^30, so how can you say you'd use gigabytes for both measurements? And every single application on your system is designed with kilobytes, megabytes, gigabytes in mind. You think that they should all switch to base-10 units?
(To be more specific, I was talking about 375 gigabytes (375 * 2^30) fitting on a 400 "GB" drive (400 * 10^9). It doesn't.)
This whole problem could have been avoided if it wasn't for those idiotic marketers.
Are you asserting that the disk size should be reported by the OS/apps in "GB" and files should be reported as kilobytes, megabytes, etc? What happens when you try to copy 375 gigabytes to a 400GB hard disk (let's ignore filesystem overhead in this example) and it doesn't fit? Your tools will report that you have "400 GB" free, yet the disk doesn't have room. That's not intuitive.
No. The "correct thing" would not be to confuse the consumer by labeling their sizes as 100GB, 500GB, etc. Deceit is never "the right thing to do" and that is exactly what they did. People see "GB" and think gigabyte; for it to mean anything else is intentionally confusing/deceitful. Should they be forced to use gigabytes, megabytes, etc? No, but they should have the decency to call their new decimal-based measurements something else entirely.
Yes, there are freedom fighters.. but the vast majority don't care. And I think it can be argued that at no time in history has there been such a prevalence of tools to keep the sheep stupid and distracted as now. While a wonderful thing, technology has this uncanny ability to be very useful to those who want to be in power and control others.
Slashdot Mirror
Argh, I keep thinking server perspective. But one thing you could do, assuming the app is GUI is setup the system to boot straight to the app with xinit. Not hard. Better yet, boot to a wrapper script that starts the app, and on app exit, shuts down the system. Of course all of this should be run under its own user. Then setup user-based iptables rule to block any traffic that isn't x, y, or z. If the app isn't GUI things are even easier, 'cause you can just set the user's shell to the app. I'm sure there are other solutions to launching straight into the app other than bypassing the window manager for all users, but off the top of my head that's all I could think of. And ultimately, this is what I like about *nix systems: there's always a way to do it.. sometimes yeah it may be a bit hacky, but I know a solution to that particular problem wouldn't be all that hacky at all.
Well you definitely can't do time based access control very easily. But other than that, give me a task and let me see if I can think of a sane way of limiting access. :)
Oh, and now that it's not late at night, I can think a bit: Most of the things that you want to lock down that I can think of can be done so via *nix r/w/e bits in any reasonably setup system. It might not be quite as obvious as group policy, but it can get pretty dang granular.
Oh I'm not one of those "This is the year of the Linux desktop!" folks. In its current state, the Linux desktop only really works as a workstation of someone who is inclined to take the time and effort to learn both its intricacies and its (many) quirks. I absolutely love my Debian Wheezy KDE build as a development workstation, but I'm not delusional enough to think that it would serve a non-techie the same way it's served me.
What I really don't get, though, is how Microsoft has managed to gain so much ground in the development arena. All of the .NET web stuff, etc... there's plenty of open source solutions that are both more flexible and free (or cheap). Low resource requirements, excellent stability, super easy maintenance: what is there not to love? Granted, the sys admins need more experience to get started than clicking around a GUI. :)
As far as small business goes, the only trouble I see with Microsoft (from the client perspective) is the same of any large vendor: lockin. Things can get expensive fast and it's hard to jump ship.
Since we're talking desktops, sure I can see why small businesses might break even when choosing Microsoft. :) You're right, application-level security is not impressive (or even that usable) in Linux, although admittedly I don't know much about AppArmor. But then, I've never had the need in the server world to use anything like that.
I just don't trust users. I suppose one could lock the box down so no surfing could occur. That would ultimately be my concern. It's late and I think more than likely I'm being retarded.
Most likely they aren't listening on a port for anything.
Implies a simple port filter. I realize that Windows firewall can be much more fine-grained than that. But it's a moot point. My whole point is that slapping a firewall is no substitute for security updates. "Slapping a firewall on it" does not solve all of the problems with the unsupported OS being on the internet.
But that won't address security problems that arise when connecting to a server/computer, which is the vast majority of connections when a "client" in the client/server model.
Can't tell if you're serious or not... I'll bite, though. I'd love to reward them for their work if their work fit my needs/criteria, but it does not. The price tag is simply too steep. As stated earlier, if there were more options as to what sort of processing power the thing had, perhaps the price point would be more flexible but alas, there are not.
What I want:
Why is that not possible? Why can't they release a thin, high resolution laptop that *doesn't* play all of the latest games? Everything work-related that I do can be done on a budget dual or quad core CPU, 4 GB of RAM, and cheapo graphics.
Obviously, 11-13" is not ideal. But I'm not looking for ideal in a laptop. I'm looking for something I can take to {somewhere nice to work} for a few hours and get by. No laptop will be able to replace my desktop setup; at least not without several large displays. :) But I'd rather have a small laptop that kind of works that I will actually use than a large laptop that still kind of works that I don't want to lug around. :)
Yes, that's what I will do if I buy an Air for work. It sure would be nice if the 11" Air had a decent resolution. I don't mind whatever it is for every day use, but it's not nearly enough real estate for development. My original comment probably came across wrong: my point is there aren't enough options, it seems.. or at least not enough options at a competitive price. It'd be nice to have the option of buying a thin laptop with decent resolution with perhaps less under the hood. Not all of us need a core i7 or i5. It seems like you have to go all or nothing, thus getting stuck with a $1500+ bill.
Yes but some of us do prefer to run Linux than OSX. Granted this laptop is too expensive. I'm going to be shopping for a laptop soon and frankly I'll probably be caught between this and another MacBook Air... sigh.
... but it's Debian. Wheezy's been rock solid for quite some time now. This isn't Canonical or Microsoft. That said, Debian's the only O/S I know of that I'd remotely trust with a x.0 release. :)
No, you need to rethink your position. Jury nullification used to be common place during prohibition because the law was retarded. If the law is retarded enough to allow someone to spy on their neighbor and the jury is smart enough to recognize the stupidity of the law, they should and will just nullify it. The jury is the law in the courtroom, not the judge, not even... the law!
Interestingly, people breaking traffic laws are rarely dangerous, but the cops pulling people over almost always is. I was driving home recently, going about 5-10 over. Car ahead of me was doing maybe 2-3 MPH faster, pretty much the flow of traffic. Out of nowhere, an officer swoops in from behind me, easily going 10-20 MPH faster than I, slams on his breaks, moves into my lane, cutting me off, and pulls the poor soul over. Ridiculous. Never mind the cops who hold up traffic on busy streets for little or no reason; seems like I see that daily around here. Safety, my ass.
And the most retarded post of the day goes to... you!
wealthy people are wealthy largely because their family is wealthy, not due to hard work (which anyone can do).
Citation needed. Isn't it quite possible that many wealthy people are wealthy largely because their parents taught them how to make and handle money? Yes, there are other advantages to coming from a well off family, but you can make $1m/year and still be broke if you're bad with money.
All of these problems magically go away when a flexible telecommute arrangement is made.
But a gigabyte is 2^30, so how can you say you'd use gigabytes for both measurements? And every single application on your system is designed with kilobytes, megabytes, gigabytes in mind. You think that they should all switch to base-10 units?
(To be more specific, I was talking about 375 gigabytes (375 * 2^30) fitting on a 400 "GB" drive (400 * 10^9). It doesn't.)
This whole problem could have been avoided if it wasn't for those idiotic marketers.
Are you asserting that the disk size should be reported by the OS/apps in "GB" and files should be reported as kilobytes, megabytes, etc? What happens when you try to copy 375 gigabytes to a 400GB hard disk (let's ignore filesystem overhead in this example) and it doesn't fit? Your tools will report that you have "400 GB" free, yet the disk doesn't have room. That's not intuitive.
Not when they go in, view the size of their disk and find that it's 93 GB, instead of 100 GB.
No. The "correct thing" would not be to confuse the consumer by labeling their sizes as 100GB, 500GB, etc. Deceit is never "the right thing to do" and that is exactly what they did. People see "GB" and think gigabyte; for it to mean anything else is intentionally confusing/deceitful. Should they be forced to use gigabytes, megabytes, etc? No, but they should have the decency to call their new decimal-based measurements something else entirely.
Yes, there are freedom fighters.. but the vast majority don't care. And I think it can be argued that at no time in history has there been such a prevalence of tools to keep the sheep stupid and distracted as now. While a wonderful thing, technology has this uncanny ability to be very useful to those who want to be in power and control others.
There are always exceptions. Don't be so easily offended.
Why? You really need to mod yourself down that badly?