I'm sure Ubuntu itself does - in fact, I know it does because I've manually installed it (the installer is massively overrated, IMHO) into an LVM configuration.
I was commenting on the apparent lack of support in the automated installation processes for LVM and/or RAID configurations making it unusable for us.
Similarly, Linux isn't displacing NT, it's displacing commercial UNIX.
The overlap of functionality between NT and Linux is, really, quite small. There aren't many cases for which Linux is a good solution, where NT could also be (and vice versa).
You can use Kickstart on Ubuntu, or you can use Ubuntu's automatic installation (preseeding debian-installer), which is much more powerful, and lets you configure pretty much anything you want at install time.
Thanks, looks like they're on the way to something decent.
The apparent lack of LVM and RAID capability, however, would make it a non-starter for us. I hope they keep improving it rapidly.
If AT&T wants to continue to be called a common carrier and NOT sued when users download child porn via their network then they need to keep out of the content arena entirely. AT&T should make absolutely no distinction between packets that flow from outside its network to one of its subscribers for the purposes of "quality of service".
This argument is completely and utterly bogus. Even someone with only a basic grasp of TCP/IP can understand that prioritising a packet based on source/destination IP - and even port - tells you nothing meaningful about its content.
The "takes away common carrier status" argument is groundless. You won't be able to convince anyone even remotely knowledgable with it.
Since you seemed to miss the point... I was trying to point out why the fact Microsoft are running the browser under a set of tighter permissions, does not at all point to the "conclusion" the GP drew.
Where did you come to this conclusion ? What is that logic ?
Well, let's see. It might have something to do with the fact that the whole point of a web browser is to connect to, and download data from, largely unknown, unverifiable and untrusted sources.
It just means a browser is an application dealing with an insecure and potentially hostile environment. It doesn't mean the app itself is insecure, it rather means teh app have to be secure.
(Modern) Web browsers are non-trivial applications. Hence, they have bugs. Hence, since their primary purpose is dealing with untrusted data, they are a significant security hole.
Many server applications fall into the same category. Large, non-trivial application -> bugs. Spend most of their time dealing with foreign data -> much higher probability of exploitation. Bugs + much higher chance of exploitation -> big security hole.
The isolated pocket of permissions is already given by the OS in the case of Linux distro, so they have nothing to do.
No Linux distribution I am aware of does this. Since you obviously haven't a clue what you're talking about, I'll help - this is *not* the same thing as defaulting to a non-Admin account.
If someone had to follow suite, that would be the web browser developers, not Linux distro.
No, it's an OS configuration issue and thus the distribution maintainer's job.
I doubt they will do that.
I don't. Let's come back in 12 months and see who was right. If anything, I'll bet there are even more applications running in these kinds of "jails".
You believe that FOSS web browsers or OS are in as bad shape as IE and Windows, that's why you think others have to follow suite.
No, I believe that web browsers are quite possible the single biggest security hole/malware vector in the typical PC. Closely followed by email clients and P2P software. Locking them down as much as possible is common sense.
This means that (a) they apparently haven't fixed the "normal users have access to the whole system (ie, run as Administrator)" problem, and [...]
Do you similarly think chroot (and other equivalents) implies everything else runs as root ?
[...] (b) they've given up on keeping IE from being a slutty little spyware freak, and assume that no matter what they do it's gonna get infected.
The primary purpose of a web browser is to download, parse and display data from untrusted, unverifiable sources. They are inherently insecure applications. I'd say bundling the web browser up into its own little isolated pocket of permissions is a damn good idea. Expect to see OS X and "user friendly" Linux distros follow suit within 12 months.
Why is that feature not available for our control?
Probably to avoid the standard cries of "antitrust" that spring up every time Microsoft implement a feature their customers ask for or their competitors already have.
I think the real news would be "how much does it cost to buy a computer that can actually run Vista?"
A few hundred US$.
Not trying to troll here, but ferchrissake! If I have to upgrade at a cost of hundreds of dollars just to run it [...]
Most low-end machines bought in the last ~18 months should run Vista (maybe needing a RAM upgrade).
Any mid-range machine from the last ~3 years should run Vista.
Any high-end machine from the last ~5 years should run Vista with a cheap video card upgrade.
(This is Vista "Premium", will the full eyecandy GUI, as well - if you just want the "classic" GUI then pretty much anything up to about 7-8 years old should run it, maybe requiring a RAM upgrade.)
Any remotely game/enthusiast/high-end/geek/whatever oriented user will probably have had a PC capable of running Vista since ca. 2003.
Vista is a *significant* upgrade to pretty much every aspect of Windows, easily on par with major Linux distribution moves (kernel 2.4 -> 2.6 and the like), or the updates Apple made to NeXT to get OS X.
Wasn't there a slashdot reference to an article in the last week where Microsoft "was considering" removing admin access from their employees?
TFA was unclear whether "admin access" meant "logged in all the time as an Administrator" or "can run things as an Administrator when required".
There is a rather large difference between these two things.
For example, I run as a regular user (and have done for ~10 years), but I can also run things as a local Administrator whenever I choose, either via "Run As" or specifically logging into the Administrator account. I would class this as "admin access".
As things currently stand, big phone companies and cable conglomerates have what is called "common carrier" status. [...]
I agree with your sentiments, however, this argument is bogus.
Prioritising traffic based on source, destination, and how much money those two places have given you neither requires, nor entails, knowing the *content* of that traffic.
Even if ISPs start prioritising traffic based on its source and destination, it does not follow that they are aware of - and hence responsible for - the content of the traffic they are prioritising.
It's like saying because the postal service has "express" and "regular" mail, or because the postage charges are different depending upon where you're sending from and to, they are responsible for the content of the packagers and/or letters you are sending.
Since this is obvious to anyone with even a basic grasp of how TCP/IP works - let alone someone running their own VOIP company - it appears to me that you were being deliberately deceptive.
Also:
That's not capitalism and that's not the American way.
Actually, I would argue that ISPs prioritising traffic most certainly *is* a textbook example of capitalism and "The American Way".
Wow. That's quite a gulf between us. What I think is a vital first step that would help in 95% of cases, you think is a "marginal workaround" that would hardly help at all.
Unfortunately, yes. It was the spread of that trojan hidden inside a *password protected zip file* that put the final nail in the coffin my optimism was hiding in. When users are happy to do that, I really don't see how adding a requirement to change a file permission or copy it to another location is going to help much.
My first PC to hit a gig of RAM was back in 1999 and it wasn't especially expensive at the time. PCs with that much RAM today are commonplace and a gig of DDR RAM is worth about US$50 - US$80. Assuming you could even find one new, a 40G drive is worth about US$30. A DirectX 9 capable GeForce 5200 video card is about US$30.
Any self-respecting "techie" - *particularly* one who makes a living out of it - should be able to lay hands on at least one machine that meets the Vista "Premium" minimum specs without any trouble at all. Heck, you could buy a brand new machine (sans monitor) that would for only a few hundred US$.
A ca. 2002/2003 mid-range machine will easily meet the minimum specs for Vista "Premium". Heck, a high-end machine ca. 2000 would meet them with a cheap video card upgrade.
So, no, it wouldn't even be close to "killing" someone like that to keep a spare machine or three around for testing new OS releases with.
Bzzzt here's on article on Paul Thorrott's Windows SuperSite talking about the begining of Longhorn (now vista development) from 2002 talking about the previous years Longhorn development in 2001. Vista is a long bake turkey, try ahhmm 5 years.
Much of the Longhorn development was thrown out ca. 2003 after the release of Windows 2003 and the project restarted ("rebooted" was the term used in press releases, IIRC) based from the Windows 2003 codebase (instead of the Windows XP codebase).
Windows *Vista* has been in development for approximately 3 years. Maybe 4, at a stretch, if you want to count the code that was carried over from the previous effort.
So make the next mental leap. Suppose Microsoft were to, as I originally suggested, make Windows default the user to an account with no admin rights.
Continuing on with GPs example of Lotus Notes, this is demonstrably ineffective. Managed (ie: in an Active Directory or NT4 domain) Windows machines have always defaulted to non-admin level user accounts. Yet this has resulted in little to no changes in Lotus notes and many other pieces of commercial software.
Then when Grampa Bob tries to run TurboTax and it shits all over him (that's the technical term for, "Bob's attempted execution of the TurboTax application failed with a cryptic and unhelpful error message"), Grampa Bob is going to call up Intuit and say, "WTF?".
And Intuit will say "here's how you add your account to the Administrators group" (hell, they'll probably put in in the installation notes).
Microsoft is the only guiding entity of the Windows world, and they are therefore responsible for guiding it. They have not done a good job of this. If there were merely a FEW bad actors, certainly they are not responsible. But they are responsible for the PREVALENCE of such applications even from major vendors.
How are they responsible ? They've been telling developers how to write LUA-friendly apps for ~8 years. They've made it a requirement of the "Designed for Windows" logo for ~5 years. They even hacked some multiuser features into their single user OS to make the transition easier for developers.
About the only thing they haven't done is deliberately broken non-LUA-friendly applications. Given the uproar that usually ensues when changes to Windows break apps *at all* - let alone when it's done intentionally or with forewarning - I think that's quite understandable.
You also seem to completely ignore that developing software which doesn't needlessly require elevated privileges is simply following good practices, and not doing so requires either a) ignorance of how to write good software, or b) a conscious decision to write bad software. How on Earth can Microsoft be held responsible for that ?
if I write a piece of unix software that needlessly requires root privileges, or that stores user information in system areas, does Linus, Sun, Red Hat, SUSE, et al share even the tinest shred of responsibility ? No ? Then why do you hold Microsoft to a different standard ?
Clearly you didn't understand my system.
I do understand your system. It breaks down at step 2, where you depend on developers to do the right thing and opt-in to the new system. If developers could be trusted to do the right thing and "opt-in to the new system", applications would have been LUA-friendly before Windows XP was even released and this entire conversation (and millions like it) would never have occurred.
There is no "chicken and egg" problem that needs solving (or, more accurately, it was "solved" back around 1998, when Windows 98 introduced the per-user Registry hives and filesystem locations to consumer-level Windows). The OS and API infrastructure has been in place for software developers to *transparently* have been making their software LUA-friendly for *at least* 5 years now, and realistically closer to 9 years.
No developer has had any genuine excuse - for ~5 years _minimum_ - for releasing an application that needlessly requires elevated privileges. None. The shift of consumer Windows from DOS to NT was not some massive change that was sprung on software developers without warning or direction. It was a planned migration that was forecast back around 1993 and actually ended up taking about 2 -3 times as long as originally planned (so what insignificant protests developers might be able to raise about not being responsible, carry even less weight than they might otherwise have). Had everything gone to the original schedule, Windows XP would have been released ca. 1998 and Windows 98 would never have existed at all. Developers should be thanking their lucky stars the transition ended up being so (theoretically) easy.
I probably shouldn't bother answering this, because someone who thinks priv separation is pointless is probably either too misguided for a post to fix or a troll, but I'll try anyway.
I did not say privilege separation was pointless, I said privilege separation was _mostly_ pointless in (and this is the important part) the context of a *typical, unmanaged, single-user home computer*.
The reasons why this is true should be pretty obvious, but apparently they're not to a whole bunch of people out there who are stuck in the mindset of a central, multiuser-mainframe-type-system with a bunch of dumb terminals - or "thin clients", if you prefer the modern terminology - connected to it (or, at least, they like to pretend they are).
BUT without priv separation, this ActiveX weakness means that your whole MACHINE i
When it's justified, you can actually change databases or move from a traditional N tier model to something a bit more scalable. Just don't try it because you've screwed up your indexes or something.
Indeed, when it's justified - and even then, it's a major project not undertaken lightly.
However, the common attitude on Slashdot amongst the idealists that you can just "drop in another DB" or "switch to a different unix/linux" at the drop of a hat, during a weekend, is ludicrous, when applied in the context of actual, non-trivial, production environments.
All the components are modular... if the mysql people slack off with security, you can drop them in favour of postgres, with practically no interruption and minimal retooling.
When people make these sort of suggestions about real, non-trivial production environments, they usually get laughed out of the room (and shortly thereafter, the job).
I was commenting on the apparent lack of support in the automated installation processes for LVM and/or RAID configurations making it unusable for us.
Similarly, Linux isn't displacing NT, it's displacing commercial UNIX.
The overlap of functionality between NT and Linux is, really, quite small. There aren't many cases for which Linux is a good solution, where NT could also be (and vice versa).
Thanks, looks like they're on the way to something decent.
The apparent lack of LVM and RAID capability, however, would make it a non-starter for us. I hope they keep improving it rapidly.
I must admit I haven't put the slightest bit of research into this, as I'm too busy, but what is Ubuntu's answer to Kickstart ?
This argument is completely and utterly bogus. Even someone with only a basic grasp of TCP/IP can understand that prioritising a packet based on source/destination IP - and even port - tells you nothing meaningful about its content.
The "takes away common carrier status" argument is groundless. You won't be able to convince anyone even remotely knowledgable with it.
Very well.
Since you seemed to miss the point... I was trying to point out why the fact Microsoft are running the browser under a set of tighter permissions, does not at all point to the "conclusion" the GP drew.
Where did you come to this conclusion ? What is that logic ?
Well, let's see. It might have something to do with the fact that the whole point of a web browser is to connect to, and download data from, largely unknown, unverifiable and untrusted sources.
It just means a browser is an application dealing with an insecure and potentially hostile environment. It doesn't mean the app itself is insecure, it rather means teh app have to be secure.
(Modern) Web browsers are non-trivial applications. Hence, they have bugs. Hence, since their primary purpose is dealing with untrusted data, they are a significant security hole.
Many server applications fall into the same category. Large, non-trivial application -> bugs. Spend most of their time dealing with foreign data -> much higher probability of exploitation. Bugs + much higher chance of exploitation -> big security hole.
The isolated pocket of permissions is already given by the OS in the case of Linux distro, so they have nothing to do.
No Linux distribution I am aware of does this. Since you obviously haven't a clue what you're talking about, I'll help - this is *not* the same thing as defaulting to a non-Admin account.
If someone had to follow suite, that would be the web browser developers, not Linux distro.
No, it's an OS configuration issue and thus the distribution maintainer's job.
I doubt they will do that.
I don't. Let's come back in 12 months and see who was right. If anything, I'll bet there are even more applications running in these kinds of "jails".
You believe that FOSS web browsers or OS are in as bad shape as IE and Windows, that's why you think others have to follow suite.
No, I believe that web browsers are quite possible the single biggest security hole/malware vector in the typical PC. Closely followed by email clients and P2P software. Locking them down as much as possible is common sense.
Do you similarly think chroot (and other equivalents) implies everything else runs as root ?
[...] (b) they've given up on keeping IE from being a slutty little spyware freak, and assume that no matter what they do it's gonna get infected.
The primary purpose of a web browser is to download, parse and display data from untrusted, unverifiable sources. They are inherently insecure applications. I'd say bundling the web browser up into its own little isolated pocket of permissions is a damn good idea. Expect to see OS X and "user friendly" Linux distros follow suit within 12 months.
You do if you are expected to be held liable for that content.
It'd be hell to administer, but when the carriers record and track every packet (for tiered billing) they open themselves to all sorts of craziness.
Another red herring. Traffic prioritisation doesn't require anyone to "record and track" every packet.
Probably to avoid the standard cries of "antitrust" that spring up every time Microsoft implement a feature their customers ask for or their competitors already have.
A few hundred US$.
Not trying to troll here, but ferchrissake! If I have to upgrade at a cost of hundreds of dollars just to run it [...]
Most low-end machines bought in the last ~18 months should run Vista (maybe needing a RAM upgrade).
Any mid-range machine from the last ~3 years should run Vista.
Any high-end machine from the last ~5 years should run Vista with a cheap video card upgrade.
(This is Vista "Premium", will the full eyecandy GUI, as well - if you just want the "classic" GUI then pretty much anything up to about 7-8 years old should run it, maybe requiring a RAM upgrade.)
Any remotely game/enthusiast/high-end/geek/whatever oriented user will probably have had a PC capable of running Vista since ca. 2003.
Vista is a *significant* upgrade to pretty much every aspect of Windows, easily on par with major Linux distribution moves (kernel 2.4 -> 2.6 and the like), or the updates Apple made to NeXT to get OS X.
It's a hell of a lot more than "eye candy".
Yes, it does. Unless you can provide some specific examples other people can verify.
Maybe you are on a domain? Things work better in a domain. The OS is not designed to do what you falsely claim it can.
The OS most certainly is designed to do that. The problem is 100% the fault of application developers.
TFA was unclear whether "admin access" meant "logged in all the time as an Administrator" or "can run things as an Administrator when required".
There is a rather large difference between these two things.
For example, I run as a regular user (and have done for ~10 years), but I can also run things as a local Administrator whenever I choose, either via "Run As" or specifically logging into the Administrator account. I would class this as "admin access".
I agree with your sentiments, however, this argument is bogus.
Prioritising traffic based on source, destination, and how much money those two places have given you neither requires, nor entails, knowing the *content* of that traffic.
Even if ISPs start prioritising traffic based on its source and destination, it does not follow that they are aware of - and hence responsible for - the content of the traffic they are prioritising.
It's like saying because the postal service has "express" and "regular" mail, or because the postage charges are different depending upon where you're sending from and to, they are responsible for the content of the packagers and/or letters you are sending.
Since this is obvious to anyone with even a basic grasp of how TCP/IP works - let alone someone running their own VOIP company - it appears to me that you were being deliberately deceptive.
Also:
That's not capitalism and that's not the American way.
Actually, I would argue that ISPs prioritising traffic most certainly *is* a textbook example of capitalism and "The American Way".
No, it doesn't, because knowing a packet's source and destination address does not, in any way, tell you about its content.
Unfortunately, yes. It was the spread of that trojan hidden inside a *password protected zip file* that put the final nail in the coffin my optimism was hiding in. When users are happy to do that, I really don't see how adding a requirement to change a file permission or copy it to another location is going to help much.
My first PC to hit a gig of RAM was back in 1999 and it wasn't especially expensive at the time. PCs with that much RAM today are commonplace and a gig of DDR RAM is worth about US$50 - US$80. Assuming you could even find one new, a 40G drive is worth about US$30. A DirectX 9 capable GeForce 5200 video card is about US$30.
Any self-respecting "techie" - *particularly* one who makes a living out of it - should be able to lay hands on at least one machine that meets the Vista "Premium" minimum specs without any trouble at all. Heck, you could buy a brand new machine (sans monitor) that would for only a few hundred US$.
A ca. 2002/2003 mid-range machine will easily meet the minimum specs for Vista "Premium". Heck, a high-end machine ca. 2000 would meet them with a cheap video card upgrade.
So, no, it wouldn't even be close to "killing" someone like that to keep a spare machine or three around for testing new OS releases with.
I'm not quite sure how the answer to "you can't make money selling GPLed software" of "when you want to make money, don't use the GPL" is "perfect"...
Much of the Longhorn development was thrown out ca. 2003 after the release of Windows 2003 and the project restarted ("rebooted" was the term used in press releases, IIRC) based from the Windows 2003 codebase (instead of the Windows XP codebase).
Windows *Vista* has been in development for approximately 3 years. Maybe 4, at a stretch, if you want to count the code that was carried over from the previous effort.
Continuing on with GPs example of Lotus Notes, this is demonstrably ineffective. Managed (ie: in an Active Directory or NT4 domain) Windows machines have always defaulted to non-admin level user accounts. Yet this has resulted in little to no changes in Lotus notes and many other pieces of commercial software.
Then when Grampa Bob tries to run TurboTax and it shits all over him (that's the technical term for, "Bob's attempted execution of the TurboTax application failed with a cryptic and unhelpful error message"), Grampa Bob is going to call up Intuit and say, "WTF?".
And Intuit will say "here's how you add your account to the Administrators group" (hell, they'll probably put in in the installation notes).
How are they responsible ? They've been telling developers how to write LUA-friendly apps for ~8 years. They've made it a requirement of the "Designed for Windows" logo for ~5 years. They even hacked some multiuser features into their single user OS to make the transition easier for developers.
About the only thing they haven't done is deliberately broken non-LUA-friendly applications. Given the uproar that usually ensues when changes to Windows break apps *at all* - let alone when it's done intentionally or with forewarning - I think that's quite understandable.
You also seem to completely ignore that developing software which doesn't needlessly require elevated privileges is simply following good practices, and not doing so requires either a) ignorance of how to write good software, or b) a conscious decision to write bad software. How on Earth can Microsoft be held responsible for that ?
if I write a piece of unix software that needlessly requires root privileges, or that stores user information in system areas, does Linus, Sun, Red Hat, SUSE, et al share even the tinest shred of responsibility ? No ? Then why do you hold Microsoft to a different standard ?
Clearly you didn't understand my system.
I do understand your system. It breaks down at step 2, where you depend on developers to do the right thing and opt-in to the new system. If developers could be trusted to do the right thing and "opt-in to the new system", applications would have been LUA-friendly before Windows XP was even released and this entire conversation (and millions like it) would never have occurred.
There is no "chicken and egg" problem that needs solving (or, more accurately, it was "solved" back around 1998, when Windows 98 introduced the per-user Registry hives and filesystem locations to consumer-level Windows). The OS and API infrastructure has been in place for software developers to *transparently* have been making their software LUA-friendly for *at least* 5 years now, and realistically closer to 9 years.
No developer has had any genuine excuse - for ~5 years _minimum_ - for releasing an application that needlessly requires elevated privileges. None. The shift of consumer Windows from DOS to NT was not some massive change that was sprung on software developers without warning or direction. It was a planned migration that was forecast back around 1993 and actually ended up taking about 2 -3 times as long as originally planned (so what insignificant protests developers might be able to raise about not being responsible, carry even less weight than they might otherwise have). Had everything gone to the original schedule, Windows XP would have been released ca. 1998 and Windows 98 would never have existed at all. Developers should be thanking their lucky stars the transition ended up being so (theoretically) easy.
I probably shouldn't bother answering this, because someone who thinks priv separation is pointless is probably either too misguided for a post to fix or a troll, but I'll try anyway.
I did not say privilege separation was pointless, I said privilege separation was _mostly_ pointless in (and this is the important part) the context of a *typical, unmanaged, single-user home computer*.
The reasons why this is true should be pretty obvious, but apparently they're not to a whole bunch of people out there who are stuck in the mindset of a central, multiuser-mainframe-type-system with a bunch of dumb terminals - or "thin clients", if you prefer the modern terminology - connected to it (or, at least, they like to pretend they are).
BUT without priv separation, this ActiveX weakness means that your whole MACHINE i
Indeed, when it's justified - and even then, it's a major project not undertaken lightly.
However, the common attitude on Slashdot amongst the idealists that you can just "drop in another DB" or "switch to a different unix/linux" at the drop of a hat, during a weekend, is ludicrous, when applied in the context of actual, non-trivial, production environments.
Actually it's more like three years.
They've already done it. With Windows 2003 and its successor, Vista.
When people make these sort of suggestions about real, non-trivial production environments, they usually get laughed out of the room (and shortly thereafter, the job).