In fact, the majority of the Christian churches in the world do in fact believe evolution is a fact of history (the Catholic Church being only the biggest and most obvious choice).
The Catholic Church does not agree with evolution. It cherry picks agreement with the bits of evolution that don't contradict its teachings (basically, everything except evolution wrt. humans).
Microsoft's relatively tiny number of developers [...]
How many developers are actively and meaningfully contributing to Linux ?
[...] have proven time and time again they are not smarter than the average bear, and they cannot prevent attacks and privilege escalations.
Evidence ?
As an example, lookup any widespread virus infestation and you'll most likely find Windows as the host OS which fails security.
Most "virus infestations" don't occur due to failings in OS level security. They occur due to end user actions and application vulnerabilities.
If you don't understand the difference between treating processes like the logged in user and running them with less privs, I don't have enough digital ink to save you.
I understand it quite well. Unlike you, I like to actually understand something before mouthing off about it.
While users may cause viruses, most of the largest viruses were spread through Windows and Windows software design flaws, most of them through Microsoft software. Take the privilege issues when previewing an item in Outlook / OE for example. Take launching a browser with system privs by default. Really, look at any of the infestations which have occurred in the past and you'll find a sloppily implemented security practice (or no security thoughts at all) in Microsoft software to blame in the majority of cases.
Thanks. I was a little unsure up until here whether you had a clue. Now I know you don't.
It was silly from the beginning when you started spewing ignorant crap.
I want a user locked down tight, so that he may ONLY perform two or three specific tasks, which are part of his job description. I want to ensure the he can't even play solitaire while on company time. So, I create his user account, require him to log in to a chrooted terminal, and he only has those two or three scripts that I make available. Nothing else. Zero interaction with any system files whatsoever - match that with group policy editor.
Limited user + Mandatory profile + execution restriction GPOs.
Yes - I've seen NT systems "locked down" to the point that the user only ever sees the screen from which he is supposed to do productive work. I've also seen unsophisticated immigrants with no technical training at all bypass the locks, to play solitaire on a production machine, and start up Internet Explorer. If ethernet had been connected, he could have downloaded any number of worms and trojans.
And I've seen Linux systems hacked in minutes. I guess that means Linux sucks, right ?
I haven't heard any statistics that support any of these theories.
And you have yet to produce any statistics to support your "theories".
Here's a few more issues to consider: access to firearms and types of firearms used.
None of your counter-theories are backed up by any kind of correlation.
I haven't offered any "counter theories". I've merely pointed out a few variables far more relevant than the influence of computer games, that you have made no attempt whatsoever to address.
Further, I don't need to offer any "counter theories". All that's necessary at the moment is to point out the gaping holes in your logic and understanding of statistics, to say nothing of your utter lack of any supporting evidence for your vague implications that somehow computer games are involved.
The problem is your other posts are trying to allude the perpetrators are somehow "better" at killing, due to some implied causative relationship with video games (eg: more accurate shooters). Your definition above, on the other hand, does not require this - it just requires a higher number of deaths.
So now you need to account for all those other variables that might affect body count. To name a few - physical size of school, school population, layout, geographic location, average student age.
Please define "worse".
Responses that, in the past, may have stopped the perpetrators before they had the chance to kill many people, but no longer occur (eg: someone attacking, rather than fleeing, teacher with a gun, more aggressive police response).
I'm saying that it appears that the school shooters, in terms of body count, have become more effective in the last 15 years or so.
Please define "effective".
If anyone has a compelling theory about this increase in the -effectiveness- of school shooters, I'm all for hearing it.
Have you considered that it's not the shooters who are getting better, but the victims who are getting worse ?
Yes, I know that shooting in a game is not the same as shooting a real weapon. But I have seen people who have combat training who are much more effective in games than people without combat training. Conversely, the military does use simulators as part of training soldiers for combat. If it wasn't effective, they wouldn't be pumping millions into simulation software.
Somehow I think the military does a little more than just plonk people down in front of a computer running Team Fortress.
My Audigy 4 still uses the original drivers from 2004. I'm not complaining though, 6 channel ASIO with 3 ms latency. I'd like to see that happening in Vista's bloat DRM-ed content paths.
If you're not outputting DRM-encumbered audio, the protected paths are not used.
Does this conclusively prove that violent games are the root cause? No.
Not only that, but "this" doesn't even provide a hypothesis, let alone actual evidence and the slim possibility of a theory.
But I strongly suspect that the kids who have gone off the deep end have been more effective killers because they have trained extensively on killing simulators (ie., violent video games).
Fud. Theres no specific reason for them not to work.
You mean apart from:
* The inability of Linux drivers to retain binary compatibility across even minor kernel bumps.
* A mainstream distro in 2001 using a 2.4.x kernel (possibly even 2.2.x).
* ALSA not being introduced in the kernel tree until 2002 (and not in a stable kernel until 2003/2004).
* Distros actually using ALSA not appearing until ca. 2004.
* The overall clusterfuck that audio in Linux has been since, well, pretty much forever.
So you're welcome to continue thinking there's no "specific reason for them not to work". I'll just sit back and laugh at the idea that you could pull an audio driver (or even typical application) out of a ca. 2001 Linux distro, drop it into a ca. 2007 Linux distro and have it work, unmodified.
One of which is the inability of anyone knowledgeable to review the code quality or to patch security holes.
You mean apart from the thousands of people Microsoft employ specifically to do that ?
By design it's a more secure system, and because of the quantity and quality of people looking at the code it's able to achieve a higher standard of security.
What design is that ?
It's the design flaws of Windows to require anitvirus software just to keep the thing alive.
The only "design flaw" that requires an antivirus is the one sitting in front of the keyboard.
You might see a few viruses, similar to how many viruses are out in the wild against Linux (almost none) but without systemwide access, a malicious program cannot do nearly as much damage.
Why not ? What common malware behaviour do you think can't be done as a regular user ? More importantly, what makes you think the malware can't fool the user into elevating it's privileges through some basic social engineering ?
The virus cannot modify system files as easily, cannot add itself as a system service or cron job as easily, and cannot subvert system processes to spread as easily.
Users can create their own scheduled jobs and startup programs. This is true on both Windows and Linux. What sort of "system process subversion" do you think most malware is using to spread ?
All of these things are still doable even when running as non-root, but they require much more work. You would first need to find a privilege escalation exploit in order to jump to root as opposed to just getting the system to execute your payload file and running as root automatically.No, you don't, because for 99% of the things malware might want to do, it doesn't need elevated privileges at all. For the 1% of stuff it does want to do, a simple "please elevate me" dialog box will probably be far more successful than attempts at privilege escalation exploits.
Permissions, primarily. As I sit here in front of my Debian/Ubuntu machine, my user name is "guy". I can do nothing outside of my home folder. I can't infect another user's files, can't touch any system file, can't touch root's folder.
So, just like Windows then ?
There is no C:\Program Files - meaning that I don't have write permissions to ANYTHING outside my home folder.
Regular users in Windows do not have write privileges to %PROGRAMFILES%. At least, not by default.
If I wish to install a program on this machine without becoming root, I can install it to my home folder. In such a case, the program has no write permissions outside my home folder. Using any programs that root has installed doesn't give me write permissions even to that program's folder - any data that the program needs to save to my profile, history, or whatever is written inside my own home folder. In fact, I don't have access to all the programs that root has installed. I have to become root to use things like Wireshark properly, or to use the package manager.
Again, just like Windows.
With Windows, a limited user has to ActiveX among other things. A limited user can save files to various places outside his home folders, unlike *nix.
Where ?
While the Windows Administrator can lock down a lot of Windows system files, he can't prevent even a limited user from making changes and/or writing files that might be booby traps lying around waiting to be executed by a more privileged user.
Of course he can.
While NT variants of Windows are vastly superior to Win9.x in that they actually HAVE a security model, that model doesn't compare with that of any *nix system.
Actually, that security model is superior to traditional UNIX. It is both more comprehensive and more capable.
Until I type in my password for sudo or root, I have fewer privileges on Debian than I would have on a limited account on Windows. I can't even open an internet connection - root does that at bootup with a script.I have no idea what you're trying to say with "open an internet connection", but rest assured a regular user in Linux can make outgoing network connections by defaut in pretty much any non-locked-down distro.
Probably because Windows won't allow you to use older drivers intended for XP in Vista and Windows 7 because they wouldn't be compatible with the DRM model.
Actually, it's because Vista and Windows 7 have a completely new audio stack. You might find your ca. 2001 Linux soundcard drivers (or, heck, even applications) don't work well with your ca. 2007 distro, as well.
Many of these cards, most notably ones made by Creative, do not have Vista/Windows 7 drivers.
What should have happened (and would have if the drivers weren't all in RNG 0) was that I'd get an error message and the drivers would be reloaded/restarted without all my work going to/dev/null.They tried that with NT 3.1-3.51. The resulting graphics performance was, at best, average.
While it would be nice if everyone had proper microkernel OSes, reality (especially with early-mid '90s hardware) dictated otherwise.
I do know that when I had NT 4 on my work box, it would BSOD three or four times a day, all caused by the video driver. It's nice to see that Microsoft learns from its mistakes, at least sometimes.
If your NT4 machine was crashing multiple times a day, it wasn't Microsoft's fault, it was the fault of whoever wrote such a poor driver.
During the ~4-5 years I used NT4, I had maybe six BSODs, only a couple of which weren't directly (and obviously) caused by catastrophic hardware failure. Your stability problems weren't because of Windows.
I absolutely hate this argument. It assumes such a simplicity, that the only consideration that people pick for coding a virus is marketshare of the target.
It does nothing of the sort.
When you can come up with a single good reason why market share is NOT a significant factor, let me know.
The fundamental problem is that Microsoft makes more money if there are security problems in Windows.
Most viruses (and malicious code in general) exploit the user or applications, not the OS.
In fact, the majority of the Christian churches in the world do in fact believe evolution is a fact of history (the Catholic Church being only the biggest and most obvious choice).
The Catholic Church does not agree with evolution. It cherry picks agreement with the bits of evolution that don't contradict its teachings (basically, everything except evolution wrt. humans).
Try doing that with an evangelical atheist sometime.
I'm a little unclear on how you can have an "evangelical atheist".
Microsoft's relatively tiny number of developers [...]
How many developers are actively and meaningfully contributing to Linux ?
[...] have proven time and time again they are not smarter than the average bear, and they cannot prevent attacks and privilege escalations.
Evidence ?
As an example, lookup any widespread virus infestation and you'll most likely find Windows as the host OS which fails security.
Most "virus infestations" don't occur due to failings in OS level security. They occur due to end user actions and application vulnerabilities.
If you don't understand the difference between treating processes like the logged in user and running them with less privs, I don't have enough digital ink to save you.
I understand it quite well. Unlike you, I like to actually understand something before mouthing off about it.
While users may cause viruses, most of the largest viruses were spread through Windows and Windows software design flaws, most of them through Microsoft software. Take the privilege issues when previewing an item in Outlook / OE for example. Take launching a browser with system privs by default. Really, look at any of the infestations which have occurred in the past and you'll find a sloppily implemented security practice (or no security thoughts at all) in Microsoft software to blame in the majority of cases.
Thanks. I was a little unsure up until here whether you had a clue. Now I know you don't.
Plausible deniability
Chances are fairly high that what you consider "plausible" and what the person with the wrench considers "plausible" will not be the same.
This is getting rather silly.
It was silly from the beginning when you started spewing ignorant crap.
I want a user locked down tight, so that he may ONLY perform two or three specific tasks, which are part of his job description. I want to ensure the he can't even play solitaire while on company time. So, I create his user account, require him to log in to a chrooted terminal, and he only has those two or three scripts that I make available. Nothing else. Zero interaction with any system files whatsoever - match that with group policy editor.
Limited user + Mandatory profile + execution restriction GPOs.
Yes - I've seen NT systems "locked down" to the point that the user only ever sees the screen from which he is supposed to do productive work. I've also seen unsophisticated immigrants with no technical training at all bypass the locks, to play solitaire on a production machine, and start up Internet Explorer. If ethernet had been connected, he could have downloaded any number of worms and trojans.
And I've seen Linux systems hacked in minutes. I guess that means Linux sucks, right ?
I haven't heard any statistics that support any of these theories.
And you have yet to produce any statistics to support your "theories".
Here's a few more issues to consider: access to firearms and types of firearms used.
None of your counter-theories are backed up by any kind of correlation.
I haven't offered any "counter theories". I've merely pointed out a few variables far more relevant than the influence of computer games, that you have made no attempt whatsoever to address.
Further, I don't need to offer any "counter theories". All that's necessary at the moment is to point out the gaping holes in your logic and understanding of statistics, to say nothing of your utter lack of any supporting evidence for your vague implications that somehow computer games are involved.
In short, NO, IT IS NOT JUST LIKE WINDOWS!!
Yes, it is. Group Policy will allow you to enact those sorts of restrictions.
Many of the things developed by the military to accomplish this new training are incorporated into video games.
For example ?
Does anyone around here speak fucking English?
The problem is your other posts are trying to allude the perpetrators are somehow "better" at killing, due to some implied causative relationship with video games (eg: more accurate shooters). Your definition above, on the other hand, does not require this - it just requires a higher number of deaths.
So now you need to account for all those other variables that might affect body count. To name a few - physical size of school, school population, layout, geographic location, average student age.
Please define "worse".
Responses that, in the past, may have stopped the perpetrators before they had the chance to kill many people, but no longer occur (eg: someone attacking, rather than fleeing, teacher with a gun, more aggressive police response).
And your point is?
Correlation != causation.
My point was to restrict the user so that the virus can't do any damage either.
How ?
I'm saying that it appears that the school shooters, in terms of body count, have become more effective in the last 15 years or so.
Please define "effective".
If anyone has a compelling theory about this increase in the -effectiveness- of school shooters, I'm all for hearing it.
Have you considered that it's not the shooters who are getting better, but the victims who are getting worse ?
Yes, I know that shooting in a game is not the same as shooting a real weapon. But I have seen people who have combat training who are much more effective in games than people without combat training. Conversely, the military does use simulators as part of training soldiers for combat. If it wasn't effective, they wouldn't be pumping millions into simulation software.
Somehow I think the military does a little more than just plonk people down in front of a computer running Team Fortress.
My Audigy 4 still uses the original drivers from 2004. I'm not complaining though, 6 channel ASIO with 3 ms latency. I'd like to see that happening in Vista's bloat DRM-ed content paths.
If you're not outputting DRM-encumbered audio, the protected paths are not used.
Does this conclusively prove that violent games are the root cause? No.
Not only that, but "this" doesn't even provide a hypothesis, let alone actual evidence and the slim possibility of a theory.
But I strongly suspect that the kids who have gone off the deep end have been more effective killers because they have trained extensively on killing simulators (ie., violent video games).
Why ?
Fud. Theres no specific reason for them not to work.
You mean apart from:
* The inability of Linux drivers to retain binary compatibility across even minor kernel bumps.
* A mainstream distro in 2001 using a 2.4.x kernel (possibly even 2.2.x).
* ALSA not being introduced in the kernel tree until 2002 (and not in a stable kernel until 2003/2004).
* Distros actually using ALSA not appearing until ca. 2004.
* The overall clusterfuck that audio in Linux has been since, well, pretty much forever.
So you're welcome to continue thinking there's no "specific reason for them not to work". I'll just sit back and laugh at the idea that you could pull an audio driver (or even typical application) out of a ca. 2001 Linux distro, drop it into a ca. 2007 Linux distro and have it work, unmodified.
One of which is the inability of anyone knowledgeable to review the code quality or to patch security holes.
You mean apart from the thousands of people Microsoft employ specifically to do that ?
By design it's a more secure system, and because of the quantity and quality of people looking at the code it's able to achieve a higher standard of security.
What design is that ?
It's the design flaws of Windows to require anitvirus software just to keep the thing alive.
The only "design flaw" that requires an antivirus is the one sitting in front of the keyboard.
You might see a few viruses, similar to how many viruses are out in the wild against Linux (almost none) but without systemwide access, a malicious program cannot do nearly as much damage.
Why not ? What common malware behaviour do you think can't be done as a regular user ? More importantly, what makes you think the malware can't fool the user into elevating it's privileges through some basic social engineering ?
The virus cannot modify system files as easily, cannot add itself as a system service or cron job as easily, and cannot subvert system processes to spread as easily.
Users can create their own scheduled jobs and startup programs. This is true on both Windows and Linux. What sort of "system process subversion" do you think most malware is using to spread ?
All of these things are still doable even when running as non-root, but they require much more work. You would first need to find a privilege escalation exploit in order to jump to root as opposed to just getting the system to execute your payload file and running as root automatically.No, you don't, because for 99% of the things malware might want to do, it doesn't need elevated privileges at all. For the 1% of stuff it does want to do, a simple "please elevate me" dialog box will probably be far more successful than attempts at privilege escalation exploits.
Permissions, primarily. As I sit here in front of my Debian/Ubuntu machine, my user name is "guy". I can do nothing outside of my home folder. I can't infect another user's files, can't touch any system file, can't touch root's folder.
So, just like Windows then ?
There is no C:\Program Files - meaning that I don't have write permissions to ANYTHING outside my home folder.
Regular users in Windows do not have write privileges to %PROGRAMFILES%. At least, not by default.
If I wish to install a program on this machine without becoming root, I can install it to my home folder. In such a case, the program has no write permissions outside my home folder. Using any programs that root has installed doesn't give me write permissions even to that program's folder - any data that the program needs to save to my profile, history, or whatever is written inside my own home folder. In fact, I don't have access to all the programs that root has installed. I have to become root to use things like Wireshark properly, or to use the package manager.
Again, just like Windows.
With Windows, a limited user has to ActiveX among other things. A limited user can save files to various places outside his home folders, unlike *nix.
Where ?
While the Windows Administrator can lock down a lot of Windows system files, he can't prevent even a limited user from making changes and/or writing files that might be booby traps lying around waiting to be executed by a more privileged user.
Of course he can.
While NT variants of Windows are vastly superior to Win9.x in that they actually HAVE a security model, that model doesn't compare with that of any *nix system.
Actually, that security model is superior to traditional UNIX. It is both more comprehensive and more capable.
Until I type in my password for sudo or root, I have fewer privileges on Debian than I would have on a limited account on Windows. I can't even open an internet connection - root does that at bootup with a script.I have no idea what you're trying to say with "open an internet connection", but rest assured a regular user in Linux can make outgoing network connections by defaut in pretty much any non-locked-down distro.
Probably because Windows won't allow you to use older drivers intended for XP in Vista and Windows 7 because they wouldn't be compatible with the DRM model.
Actually, it's because Vista and Windows 7 have a completely new audio stack. You might find your ca. 2001 Linux soundcard drivers (or, heck, even applications) don't work well with your ca. 2007 distro, as well.
Many of these cards, most notably ones made by Creative, do not have Vista/Windows 7 drivers.
Which is Creative's fault, not Microsoft's.
What should have happened (and would have if the drivers weren't all in RNG 0) was that I'd get an error message and the drivers would be reloaded/restarted without all my work going to /dev/null.They tried that with NT 3.1-3.51. The resulting graphics performance was, at best, average.
While it would be nice if everyone had proper microkernel OSes, reality (especially with early-mid '90s hardware) dictated otherwise.
I do know that when I had NT 4 on my work box, it would BSOD three or four times a day, all caused by the video driver. It's nice to see that Microsoft learns from its mistakes, at least sometimes.
If your NT4 machine was crashing multiple times a day, it wasn't Microsoft's fault, it was the fault of whoever wrote such a poor driver.
During the ~4-5 years I used NT4, I had maybe six BSODs, only a couple of which weren't directly (and obviously) caused by catastrophic hardware failure. Your stability problems weren't because of Windows.
In addition, DRM scrambles and re-arranges the data constantly and this slows it down as well.
No, it does not.
This is why you can't adjust the bass and trebble with Vista but can with the same hardware in XP. Access to the hardware is limited.
No, it's not. Complain to your sound card vendor.
Plus, when you have mission critical systems that need to be online 24/7 [...]
If any single system needs to be online 24/7, your architecture is broken.
This is true regardless of what your OS is.
Question for people smarter than me: If Linux is on 80% (or so) of servers out there, you'd think there'd be viruses like crazy for Linux, right?
No.
I absolutely hate this argument. It assumes such a simplicity, that the only consideration that people pick for coding a virus is marketshare of the target.
It does nothing of the sort.
When you can come up with a single good reason why market share is NOT a significant factor, let me know.