I can't provide you a hard scientific study that shows what resources an idle GUI takes up in Windows, but based on tests I've done, it makes sense to me that if it's not being used, pretty much ALL modern OSs are smart enough to page it out and it will not take up many resources.
The tests I'm referring to are some gaming benchmarks I did that compared gaming performance of FreeBSD 5.4 vs Windows XP Pro.
After posting them to a messageboard, someone said the test was unfair because FreeBSD didn't have to load a bloated desktop manager and Windows did. Based I what I had read about modern OS's, I thought this was wrong. To prove my point, I redid all of the tests with different setups.
In the original FreeBSD benchmarks, I created separate accounts for the games. When starting X from these accounts their xinitrc file would load the game instead of a desktop/window manager. This would supposedly help the games run as fast as possible. In the Windows benchmarks, I loaded the games from the regular Windows desktop, but took care to disable all other running programs.
In the second set of FreeBSD benchmarks, I loaded the games directly from my gloriously bloated KDE 3.4 desktop. The results were exactly the same as the first set of benchmarks. In the second set of Windows benchmarks, I installed a light 3rd-party explorer replacement (lightstep I think), and disabled about 10-15 windows services. This reduced the default memory usage in Windows from about 110MB to around 80MB. Again, the results were exactly the same as the first set of benchmarks.
Now, it may be that my system has too much memory to properly tell how well BSD or Windows were able to page out unused programs, but another piece of evidence I could give you would be what I see when I load up process Explorer and take a look at CPU usage on the windows machine I'm typing at right now. For the most part it says 0%. Sometimes it jumps up to 3-5%, but when I look at the list of processes, it's firefox that is taking up those cycles.
So, if no one is logged onto a windows machine, I hardly see how it's GUI is going to degrade performance. Perhaps on a super low memory machine (like 64MB) there might be somewhat of a performance hit, but if you're using a machine like that for a server, then you're probably (hopefully) using it as a router or other network device, in which case, Windows is the wrong choice anyway.
"If you are correct that a Windows admin can change the ACL of a file they have no permissions to simply by taking ownership of the file then Windows ACLs are not as effective as selinux policies which can be tailored to absolutely restrict access."
All the built in administrator group in Windows is, is a group with lots of rights assigned to it by default. The ability to take ownership of files is a right granted by default to the administrators group in Windows, and it can be taken away. If you take away the right to take ownership of objects from administrators, then files that they don't have the 'take ownership' right to, they couldn't touch.
In your SELinux example, what was the point of having a root account that can't do anything? Who exactly has the right to change those rights? There has to be SOMEBODY at the top with all of the keys. Is is a single user mode thing, where you have to start up in single user mode to set policies?
When you clear the security log in windows, the log is cleared and then an entry is put in that says you cleared the log. You can clear the log a million times over and there will allwats be one entry at the beggining saying that "you cleared the log".
You can't delete the logs....okay, well you [i]can[/i] (I think), by stopping...err, KILLING....the event log service, but another policy can be put into place that causes the system to shut down immidiately if the system is unable to log security events. You could change the policy, but then that would generate a log entry too, and you would have to kill the event log service and then delete log to get rid of that which would clear all of the other events too.....
In situations where security is paramount, a third party in your organization will be auditing the security logs and if you cleared them to cover something up, a large chunk of time would be missing from the logs. This would raise reg flags.
LocalSystem is granted everything by default, but restrictions can be put on it, and LocalSystem can't ignore restrictions put on it like root can in Unix. There really is no comparison to *nix root account in Windows.
I have a 19 month old and a two month old. My oldest can't say a single word but his level of comprehension has continually suprised I and my wife. For example, his grandmother was over watching him and had let her little ankle biter dog out into the backyard to pee. The dog was standing at the door looking in. Not expecting him to actaully comprehend she said to him "can you please let the dog in?". She was pleasantly suprised when he walked right over to the sliding glass door, unlocked it, walked outside behind the dog, pushed the dog into the house from behind, walked back in, closed the door and locked it.
Another time, I was hanging something on the wall and had a set of screws on the table. I wasn't paying attention and he took the screws down and started playing with them. Before I knew it the screws were everywhere. I found all but one of them, but I needed the missing one. Desperate to find the screw, I held it in front of him and asked "Can you help me find the screw?". He immediately started pacing around the room, scanning the floor intently - until his attention was broken. He didn't find the scew, but it was obvious that he "got it".
Days after our youngest was born, I was changing his diaper one day and my oldest was in the room watching. Just for the hell of it I asked him, "Can you hand me a diaper?" I had never asked him to get me anything before, but he immediately ran over to the diaper bag and grabbe me a diaper. It was the wrong size diaper, but.....:)
Chimps are hardly "considered an adult by age three". Chimps don't even have the ability to hold on to their mother until about 6 months, they don't leave thier mother's back until age 3 and don't leave their mother's side until around age 7. They don't start puberty until age 7-10 and can't reproduce until age 12 or 13. Their lifespan in captivity is 60 years - in the wild around 40. Every single one of those developmental milestones are pretty damn close to the human equivalents.
I agree, it would be nice to know how old the Chimps were - the article just said "young chimps" - but to claim bias based on your set of "facts" is wrong.
I don't think it will be too bad. If they had done this (make default account limited) with XP, then I think all hell would have broken loose due to the fact that there were practically zero programs written with the NT security model in mind. Not all - but many programs now are written to play nicely with Windows. The ones that aren't will be forced to change or be left in the dust.
Paul Murphy is a Sun fanboy, who swears that sun-ray thin clients are the right solution to every corporate computing problem. He is famous for posting huge blanket assumptions, like "Given the fact that Windows allways crashes, and linux/solaris never ever do....." and "Given the fact that linux allways provides a lower TCO over Windows...".
He is also famous for not replying only to comments that agree with him, and completely ignoring comments that point out his bias, and/or point out when he is flat out wrong.
"The $35 linksys piece of crap can (at least in theory) "deal" with real IP addresses even more easily than it can deal with private ones. The linksys already has a firewall. All you'd be doing is removing the NAT functionality. Everything else can stay the same. The device would be even simpler."
Correct. NAT requires that each packet going in and out be modified on the fly, which requires extra processing power over simply checking packets against a list of rules. Taking NAT away reduces the amount of work that has to be done by the device.
5.x to 6.x is not a hard upgrade at all. My desktop at home was running 5.1 when I first set it up, and it's gone from there to 5.2 > 5.4 > 6.0_BETA1 > 6.0_RC1 with no issues at all. As for performance gains, I did do a run of UNIXBENCH on 5.4 and compared it to 6.0_BETA and I saw higher scores accross the board. Though UNIXBENCH isn't exactly real-world stuff, it would indicate that overall performance is somewhat improved in 6.
"not only did he not see any humor, he thought the rednecks were right, and also agreed with them that no sports team would ever have a demon logo (not being much of a sports fan, I couldn't rebut him immediately)."
Wow, not only was he an ignant fuktard, he didn't even know anything about sports. Good on you ditching that pansy-ass.
If you ever come accros a time machine, you can go back and really yank his chain by informing him of the several major universities that do in fact have "devil" or "demon" themes in their mascots.
Slashdot Mirror
I can't provide you a hard scientific study that shows what resources an idle GUI takes up in Windows, but based on tests I've done, it makes sense to me that if it's not being used, pretty much ALL modern OSs are smart enough to page it out and it will not take up many resources.
The tests I'm referring to are some gaming benchmarks I did that compared gaming performance of FreeBSD 5.4 vs Windows XP Pro.
You can see the benchmarks here.
After posting them to a messageboard, someone said the test was unfair because FreeBSD didn't have to load a bloated desktop manager and Windows did. Based I what I had read about modern OS's, I thought this was wrong. To prove my point, I redid all of the tests with different setups.
In the original FreeBSD benchmarks, I created separate accounts for the games. When starting X from these accounts their xinitrc file would load the game instead of a desktop/window manager. This would supposedly help the games run as fast as possible. In the Windows benchmarks, I loaded the games from the regular Windows desktop, but took care to disable all other running programs.
In the second set of FreeBSD benchmarks, I loaded the games directly from my gloriously bloated KDE 3.4 desktop. The results were exactly the same as the first set of benchmarks. In the second set of Windows benchmarks, I installed a light 3rd-party explorer replacement (lightstep I think), and disabled about 10-15 windows services. This reduced the default memory usage in Windows from about 110MB to around 80MB. Again, the results were exactly the same as the first set of benchmarks.
Now, it may be that my system has too much memory to properly tell how well BSD or Windows were able to page out unused programs, but another piece of evidence I could give you would be what I see when I load up process Explorer and take a look at CPU usage on the windows machine I'm typing at right now. For the most part it says 0%. Sometimes it jumps up to 3-5%, but when I look at the list of processes, it's firefox that is taking up those cycles.
So, if no one is logged onto a windows machine, I hardly see how it's GUI is going to degrade performance. Perhaps on a super low memory machine (like 64MB) there might be somewhat of a performance hit, but if you're using a machine like that for a server, then you're probably (hopefully) using it as a router or other network device, in which case, Windows is the wrong choice anyway.
"If you are correct that a Windows admin can change the ACL of a file they have no permissions to simply by taking ownership of the file then Windows ACLs are not as effective as selinux policies which can be tailored to absolutely restrict access."
All the built in administrator group in Windows is, is a group with lots of rights assigned to it by default. The ability to take ownership of files is a right granted by default to the administrators group in Windows, and it can be taken away. If you take away the right to take ownership of objects from administrators, then files that they don't have the 'take ownership' right to, they couldn't touch.
In your SELinux example, what was the point of having a root account that can't do anything? Who exactly has the right to change those rights? There has to be SOMEBODY at the top with all of the keys. Is is a single user mode thing, where you have to start up in single user mode to set policies?
But I expected someone to drop the 'L bomb'.
So what else is available that is better?
He said "Standard UNIX". SELinux configurations are hardly "standard" and Linux is not UNIX.
When you clear the security log in windows, the log is cleared and then an entry is put in that says you cleared the log. You can clear the log a million times over and there will allwats be one entry at the beggining saying that "you cleared the log".
You can't delete the logs....okay, well you [i]can[/i] (I think), by stopping...err, KILLING....the event log service, but another policy can be put into place that causes the system to shut down immidiately if the system is unable to log security events. You could change the policy, but then that would generate a log entry too, and you would have to kill the event log service and then delete log to get rid of that which would clear all of the other events too.....
In situations where security is paramount, a third party in your organization will be auditing the security logs and if you cleared them to cover something up, a large chunk of time would be missing from the logs. This would raise reg flags.
LocalSystem is granted everything by default, but restrictions can be put on it, and LocalSystem can't ignore restrictions put on it like root can in Unix. There really is no comparison to *nix root account in Windows.
Looks like the little whore succeeded.
What OS do you need to run to be secure?
My wife is an English major working on her MA. I get enough grammar tips as is it.
I have a 19 month old and a two month old. My oldest can't say a single word but his level of comprehension has continually suprised I and my wife. For example, his grandmother was over watching him and had let her little ankle biter dog out into the backyard to pee. The dog was standing at the door looking in. Not expecting him to actaully comprehend she said to him "can you please let the dog in?". She was pleasantly suprised when he walked right over to the sliding glass door, unlocked it, walked outside behind the dog, pushed the dog into the house from behind, walked back in, closed the door and locked it.
:)
Another time, I was hanging something on the wall and had a set of screws on the table. I wasn't paying attention and he took the screws down and started playing with them. Before I knew it the screws were everywhere. I found all but one of them, but I needed the missing one. Desperate to find the screw, I held it in front of him and asked "Can you help me find the screw?". He immediately started pacing around the room, scanning the floor intently - until his attention was broken. He didn't find the scew, but it was obvious that he "got it".
Days after our youngest was born, I was changing his diaper one day and my oldest was in the room watching. Just for the hell of it I asked him, "Can you hand me a diaper?" I had never asked him to get me anything before, but he immediately ran over to the diaper bag and grabbe me a diaper. It was the wrong size diaper, but.....
Chimps are hardly "considered an adult by age three". Chimps don't even have the ability to hold on to their mother until about 6 months, they don't leave thier mother's back until age 3 and don't leave their mother's side until around age 7. They don't start puberty until age 7-10 and can't reproduce until age 12 or 13. Their lifespan in captivity is 60 years - in the wild around 40. Every single one of those developmental milestones are pretty damn close to the human equivalents.
I agree, it would be nice to know how old the Chimps were - the article just said "young chimps" - but to claim bias based on your set of "facts" is wrong.
I'm having trouble reading your comment. There are too many words. Can you condense it into a couple of sentences please?
Hmmm.
fanboy rhetoric == insightfull
Calling someones bullshit == troll
This slashdot croud is strange.
What a bunch of bullshit.
Well then there are probably around two million CIO's in the U.S. alone that need to fired right now. That would be pretty harsh on the economy.
I don't think it will be too bad. If they had done this (make default account limited) with XP, then I think all hell would have broken loose due to the fact that there were practically zero programs written with the NT security model in mind. Not all - but many programs now are written to play nicely with Windows. The ones that aren't will be forced to change or be left in the dust.
Paul Murphy is a Sun fanboy, who swears that sun-ray thin clients are the right solution to every corporate computing problem. He is famous for posting huge blanket assumptions, like "Given the fact that Windows allways crashes, and linux/solaris never ever do....." and "Given the fact that linux allways provides a lower TCO over Windows...".
He is also famous for not replying only to comments that agree with him, and completely ignoring comments that point out his bias, and/or point out when he is flat out wrong.
"Is /. worth a full website? Perhaps two pages (Linux rulz & FOSS is teh r0x0r) would be enough..."
I've got that domain already. Not sure what I'm going to do with it though.
http://linuxistehr0x0rs.net/
" I think the Windows Environment is whats causing the main problem here."
Really, I thought it was the "no internet access" part that was causing the problem.
How do thin clients work out when there's no network connection present?
"The $35 linksys piece of crap can (at least in theory) "deal" with real IP addresses even more easily than it can deal with private ones. The linksys already has a firewall. All you'd be doing is removing the NAT functionality. Everything else can stay the same. The device would be even simpler."
Correct. NAT requires that each packet going in and out be modified on the fly, which requires extra processing power over simply checking packets against a list of rules. Taking NAT away reduces the amount of work that has to be done by the device.
All debugging was turned off on the 6.x machine.
# package sense_of_humour depends on package common_sense
# fetching common_sense from....
Yep,
5.x to 6.x is not a hard upgrade at all. My desktop at home was running 5.1 when I first set it up, and it's gone from there to 5.2 > 5.4 > 6.0_BETA1 > 6.0_RC1 with no issues at all. As for performance gains, I did do a run of UNIXBENCH on 5.4 and compared it to 6.0_BETA and I saw higher scores accross the board. Though UNIXBENCH isn't exactly real-world stuff, it would indicate that overall performance is somewhat improved in 6.
"not only did he not see any humor, he thought the rednecks were right, and also agreed with them that no sports team would ever have a demon logo (not being much of a sports fan, I couldn't rebut him immediately)."
;))
Wow, not only was he an ignant fuktard, he didn't even know anything about sports. Good on you ditching that pansy-ass.
If you ever come accros a time machine, you can go back and really yank his chain by informing him of the several major universities that do in fact have "devil" or "demon" themes in their mascots.
Arizona State Sundevils (taxpayer funded!
Duke Blue Devils
Wake Forest Demon Deacons
There are many more