Hell no.
I've been a "Windows guy" (admin) for many years now, and I have a pretty decent understanding of how the NT line of Windows works - particularly the security model. Up until Vista started getting all of this pub, I had never heard of the "Windows expert", Paul Thurrott. After reading his first flaming of Vista, where he bashed it for prompting him to delete an icon from the all users desktop, I knew why I had never heard of him; he doesn't know all that much about Windows. Thurrott is your classic "Mouse Click Selection Expert", Windows user. He knows where all the buttons are in Windows that "do stuff", but he has absolutely no clue what's going on under the hood.
Most of his bashing of Vista has involved issues with UAC. This is an area (security) where his knowledge of Windows hovers right around zero. I really don't think he fully grasps how big an endeavor it is to switch over a user base of 500 million from an OS where everyone runs as "root" and takes those privileges for granted to an OS where everyone runs with a lower privileged token (and I bet Thurrott doesn't even know what a token in Windows is). Apple did it with OSX, but instead of fully supporting legacy apps, they damned the old OS/Apps to virtual machine hell.
I managed to STFA (Skimmed the Fine Article), and sure enough Paul's big gripes have to do with things that are totally out of Microsoft's control. Specifically, he bitched that his Photoshop Elements doesn't work, and he bitched that some (ActiveX laden??) website didn't work in IE7. I've run Vista on several different computers both at home and at work, and not had any problems that were not related to third party software or drivers.
It very well could be that I, knowing quite a bit about Windows, don't perceive Vista as having huge problems, even though it does, so I won't declare Vista "ready". Thurrott on the other hand is hardly qualified to declare Vista "not ready", as his expectations of what an operating system should be able to do are unreasonable.
Nice troll. It would have been better if you had added lots of bold/underline/italic lettering, and if possible bigger fonts.
Thank you.
"What is wrong with the moderators?"
Most of them are idiots.
*for the idiot mods this post would be "offtopic". Please mod accordingly.
I know you didn't mean the boot disk. Out of curiosity I downloaded dd to my XP desktop and mucked around a bit. The problem in Windows is there is no equivalent of /dev/zero and I also had trouble finding out how you reference devices under DOS. I was about to find out how to rip an iso from the cd drive, but accessing hard disk devices was another story.
I have a feeling there IS a way to do it. I just wasn't successful in finding all the info I needed in my short search.
Here is a place I found though...
It has a device driver for Windows that gives you access to the equivalent of /dev/zero and /dev/random in Windows, and a utility called rawcopy.exe that is much like dd...
http://web.comhem.se/~u70313658/w32apps.htm
http://unxutils.sourceforge.net/
dd is included. I use these on my Windows servers at work all the time.
I've been sent to around six Learning Tree classes by my work over the last six years. I've got some certification from them in Windows 2000. The cert is meaningless to me, but the training was good and very valuable. All of the instructors were excellent, except for one that was a former pro baseball player - he wasn't very sharp.
"I simply cannot fathom a purpose for 8 cores for any "desktop" application that isn't in the "workstation" class."
Games that rely on complicated AI, and have multiple AI characters on the screen at once are the perfect fit. Operation Flashpoint comes to my mind. It featured pretty decent (or at least CPU intensive) AI, which unfortunately made it impossible to have a large number of units (soldiers/tanks/planes/etc) in an area at one time because it would completely sap the processor. If a game like Flashpoint could be written to take advantage of multiple cores/CPUs, having eight cores would increase the number of units you could have on the screen, and thus increase the realism of the game.
Is that you dad?
"Do you really think the guy that comes out to swap the motherboard on your HP server is an HP employee?"
I'm pretty sure that the guy who comes out for service calls on our HP servers is an HP employee. It's been the same guy for years, and he does everything from our 1U x86 boxes up to our HP 9000. He always wears an HP shirt and the only 'war stories' he ever tells involve HP equipment.
I understand the "we can't code for every foreign bootsector" part, but it would be nice if their installer would have the option of just leaving the boot sector alone.
"With Remote Desktop on Windows I do not need physical access"
Wrong once again. By default, passwordless accounts cannot be used to connect to a Windows XP machine remotely.
"These are not transactional databases. They are stored as tables in one database,"
They are transactional, and they are not stored as tables in one database.
"which is open for modification from any installation program."
If that installation program has admin rights, yes. What is your point?
Here is some advice for you. If you are going to criticize Windows, try learning a thing or two about it first.
We have programs that don't work as non-admin, but we try to fix them using file/reg permissions changes. I've still yet to find an app (that we run) that can't be tweaked to run as a regular user. One great method of making life for your users easier as non-admin is to run as a non-admin yourself. Even though I am the uber domain admin at work, I run my windows workstation as a regular user. As a result I run into the same issues that every user does. If I run into something I can't do that I think users should be able to do, I research how to fix it and send the permissions changes out to the workstations using scripts, or group policy settings. One example of something I ran into is the annoying fact that you can't change your power management settings as a regular user. A few registry permission changes were all that was needed to fix that.
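The approach described in the comment above (keep users non-admin and loosen the ACL only on the key an application needs), sketched in PowerShell as an added example that is not part of the original post. The key path `HKLM:\SOFTWARE\ExampleVendor\ExampleApp` and the function names are hypothetical placeholders; the script assumes an elevated session.

```powershell
# Added example: placeholder key and identity, not values from the post.
$KeyPath  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'   # hypothetical key
$Identity = 'BUILTIN\Users'

# Principals that are expected to hold write access under HKLM.
$Trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that let a principal change the key's contents, ACL or owner.
$WriteMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# List Allow rules that give write-type access to anyone outside $Trusted.
function Get-NonAdminWriteRule {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.RegistryRights -band [int]$WriteMask) -ne 0 -and
        $Trusted -notcontains $_.IdentityReference.Value
    }
}

# Grant read plus value/subkey writes on one key. No Delete, no ACL or
# owner changes, so the user cannot widen the grant afterwards.
function Grant-KeyValueWrite {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    $acl    = Get-Acl -Path $Path
    $rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue, CreateSubKey'
    $rule   = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

if (-not (Test-Path -Path $KeyPath)) {
    throw "Key not found: $KeyPath"
}

# Audit, change, audit again, so the diff of non-admin write access is
# visible before the same change is pushed out by script or group policy.
Write-Output 'Non-admin write rules before:'
Get-NonAdminWriteRule -Path $KeyPath |
    Format-Table IdentityReference, RegistryRights, IsInherited

Grant-KeyValueWrite -Path $KeyPath -Identity $Identity

Write-Output 'Non-admin write rules after:'
Get-NonAdminWriteRule -Path $KeyPath |
    Format-Table IdentityReference, RegistryRights, IsInherited
```

A grant like this is only safe on keys that hold plain settings; on a key whose values name executables or DLLs loaded by a privileged process, user write access amounts to a privilege-escalation path.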
"Windows, by default allows you to press twice to get to the legacy logon screen (if you did not know to change the administrator password, simply type "Administrator" as the user name and press enter - BAM - You have the whole system."
Nice FUD. During Windows setup, Windows asks you for the "administrator" password. It is not blank unless you tell it to be blank. But that is beside the point. You just described how someone could take over a box if they have physical access. Linux by default is easy to own with physical access too. Ever hear of single user mode?
"Programs are generally stored in the system directory [$WINDOWS\SYSTEM32] or [$PROGRAM_FILES] (forgive me if I got the environment variable names wrong), rather than being stored in their own directories. This allows multiple programs whose programmers decided to use the same "DLL" name to overwrite a previous vendor's files (ever seen the message that no other program was using a file when uninstalling an application??)"
No. Programs do just normally dump their files in the program directory. They make their own folder in the program directory. As for dlls, there is a proper place for them and if windows devs don't use them, that's on them. It's perfectly possible to put stuff in the wrong places in linux too.
"Configuration information is stored in a single repository, the "System Registry". All applications, by default, can write to this file. For my money, the only information that should be stored there is a path to MY CONFIGURATION FILE. Windows, by default, allows install procedures (running as Administrator) to overwrite any file in the system without enforcing a rollback mechanism."
You have no clue what you are talking about. The windows registry is composed of multiple transactional databases. There are system portions of the registry, which only admins have write access to, and user portions. Each user in Windows has their own registry hive which only they (and admins) can write to for storing individual program settings and preferences. As for the system enforced rollback feature, there is system restore, which does work. What kind of system enforced rollback mechanism in linux are you talking about anyway? Are you talking about how most text editors will keep a backup~ copy of files you edit?
"I have no problem with programs residing in [$Program]/... Each program installed should follow the same protocol as most MATURE operating systems (*NIX, OS/MVS, VMS, OS/360, VM/370 et al) and store its files accordingly, under its own identification:
Basic executables in ./bin
Libraries needed to execute in ./lib
Configuration files in ./etc"
And in Windows it's:
basic executables in program files\appdir
Libraries in program files\common files or optionally in program files\appdir
system-wide configuration settings in HKEY_LOCAL_MACHINE
User-specific configuration settings in HKEY_USER
or if the app prefers to keep config settings in a file...
system-wide configuration settings in documents and settings\all users
user specific settings in documents and settings\%username%
Correct. Hopefully Vista's UAC will prompt Windows software developers to start paying attention to the security model.
"The prime offenders are Microsoft products."
Actually, the prime offenders are not Microsoft products. They are third party software. I don't know what you're talking about with IE. IE has always worked fine as a non-admin.
"On Windows, many applications fail to run unless you have Administrator privileges, simply due to sloppy coding and lack of testing. As a result, almost everyone ordinary Windows user I know runs with administrator privileges. It's a completely different mind-set."
Unfortunately, you are right (see my sig), but it doesn't mean linux is any better than Windows at protecting the OS from non-root users.* It's not as hard as it used to be to run Windows as a non-admin user. I used to do it way back with NT4 workstation at work, and it was a horrible PITA, but there are many tools available now that make it much easier, and a much higher percentage of programs today work without admin privs in Windows.
* Yes, I know I'm being a tad pedantic here.
"Removing IE in the IT policy altogether would fix most spyware"
We started to have issues with adware around three years ago. We found that removing admin access from users solved the problem completely. All ActiveX control based spyware installs become impossible without admin rights, and any other exploits which manage to execute invariably try to drop files into the windows, or some other restricted system directory and die when they can't.
Not that removing IE wouldn't help, but removing admin access helps much more.
"The OS protects the OS files from non-root users."
As does Windows. What makes linux special in this regard?
"These are real figures measured by mileage divided by actual fuel consumed, not manufacturers figures."
I don't know about the UK, but the "manufacturer figures" advertised with new cars in the U.S. are pretty accurate. My car was advertised as getting 22-city/27-highway, and it gets exactly that.
"But the stability of KDE at work is most likely to blame on the poor choice of distribution, rather than on KDE itself."
I would have to disagree and guess that KDE is to blame. Various components of KDE crash on me all the time in FreeBSD too. Though it was several years back, the last time I ran Linux on the desktop, I remember various KDE components dying frequently.
"Usually 800+ people and nobody that can help you, unless it's a FAQ."
Not exactly shocking, considering it's "n00buntu". I ran into an Ubuntu user on a linux-centric forum who had been using linux for a couple of years and just found out that you could shut down linux from the command-line using the "shutdown" command.
The low-end versions of VMware do run on top of linux or Windows, but VMware ESX runs on its own proprietary micro-kernel with linux running right on top of it as the management interface. As a result, ESX has much lower overhead than the other versions which run on top of other OS's. With ESX 2.5, the linux part is bolted on pretty tightly and can't be assigned resources like virtual machines, whereas, the new version (3.0) of VMware is more independent of the linux management interface. 3.0 runs the linux part as a virtual machine, which can be allocated resources just like all of the other virtual machines.
"you should remove 2 from that figure as i received 2 internets from my mother earlier today"
This has to be the fastest spreading internet meme ever.