Because Windows inherited its design from earlier versions of Windows, the ability for a subverted process to be used to gain an illegal privilege escalation is much easier on Windows than it is on many other operating systems, for example, Linux, UNIX, and BSD.
Windows "inherited its design" from VMS.
Here is an excellent article you can read about the differences:
I only had to read about a page down before finding something stupid:
"Here's the short version of the answer: No. If you simply never run untrusted executables while logged in as the root user (or equivalent), all the "virus checkers" in the world will be at best superfluous; at worst, downright harmful."
Rick has a collection of excellent articles on this and many other issues.
Rick apparently hasn't realised the world doesn't run on dumb terminals connected to centrally managed UNIX hosts any more.
While some things (like hacking websites) seem more akin to vandalism, in that they are not intended to cause harm, others, like DDoS attacks, could very well be the Internet equivalent of a violent attack.
It is difficult to see how a DDoS, or even a website defacement, could be considered "violent". No person is harmed. No property is damaged. Even if you want to stretch it more than (IMHO) you should, no data is lost.
If you set the bar for "violence" so low, it is difficult to see how anyone, anywhere, could disagree with the status quo in any way, without being considered "violent".
The program includes a "prebate" that covers what the tax will cost on the necessities of life. So the lowest income earners, those who spend nearly all of their income on necessities will in effect pay zero taxes.
That doesn't make it any less regressive. It will still tax the non-rich proportionally much more than the rich (in no small part because *everyone* gets the "prebate", but mainly because consumption costs drop as income rises). This also assumes the "prebate" would be correctly and fairly implemented - itself highly unlikely given that it's essentially nothing more than a guess.
Not to mention that to calculate the flat rate, the Fairtax assumes the current amount of taxation revenue raised in the USA is sufficient (an assumption that is ridiculous on its face). Or that it assumes existing incomes will remain unchanged.
The wealthy, who spend the majority of their income on luxury items will now be paying taxes instead of finding loopholes.
The easiest and most obvious "loophole" introduced by the Fairtax that the rich would exploit is buying things overseas instead of locally. Spending twenty grand on clothes ? Fly to Paris for the weekend with three empty suitcases instead of going to New York - and enjoy some decent coffee while you're there.
I know it's not a perfect tax, but I believe it's FAR better than what we have now.
What would be better still would be eliminating all the loopholes the rich and corporations currently use to avoid paying taxes.
Nice try, how about proving your statement with a little bit of explanation instead of just hoping that it's true.
Simple consumption taxes are regressive. It's not really something that's up for debate.
Have you actually read about the Fair Tax?
Do you actually study economics and the current disgrace of a tax code that we have right now? Are you really against simplifying the taxes so that they are so simple and transparent that politicians could no longer play favorites with their soup du jour special interests? Come on man, foul play! Don't defend the sucky status quo.
This is all a non-sequitur. Observing that consumption taxes are regressive is in no way supporting or defending the "sucky status quo".
Sadly NTFS is still behind HPFS in some ways. One major one is data fragmentation. Defragging manually is a joy only NTFS users have, as HPFS really never needed it.
NTFS's "fragmentation problems" are grossly exaggerated. Outside of pathological or corner case usage profiles, the performance difference between a "contiguous" and "highly fragmented" NTFS volume is essentially zero.
LVM doesn't meet all the functionality described. In particular, the most important aspects relating to data redundancy.
Not only does EVERY unix do that, it's the ONLY way it can be done. Mixing up the logical and physical partitions in such a convoluted way is a Microsoft only type of deal. Drive letters were thrown out in real operating systems decades ago. Again, Windows: Failing today to do what Unix successfully did decades ago.
You have completely misunderstood what "one big storage pool" means (LVM does do it, but that is not what you are describing, which is the single-rooted hierarchy).
There is no advantage to "control of the Windows System Registry" except for windows users, so your logic appears a bit circular.
The logic is fine, the terminology is poor.
Group Policy provides a mechanism and comprehensive set of capabilities for central configuration management of Windows machines. "Control of the Registry" is merely an irrelevant implementation semantic.
Central configuration management is - amazingly, given its age - functionality significantly lacking from Linux/UNIX. IME this is largely due to traditional Linux/UNIX admins taking great pride in how awesome they are at continually reinventing the wheel (and castigating those who try to minimise it - the common complaint being it would make things "too easy").
No. The single most important feature of Group Policy is the simple fact that it exists and works.
Sure, you can cobble together something in a Linux environment that probably comes close to providing the functionality of GPOs. You might even be able to leverage puppet or cfengine and save yourself a lot of work. But a) you've just wasted weeks to months of time doing it, b) you now have to maintain not only the policies, but the mechanism for enforcing them, and c) when you move on to a new environment you have to do it all over from scratch again.
Ie: it's a textbook example of reinventing the wheel, and while I understand that's the sort of busywork old-school sysadmins *love* doing so they can look and feel busy, the people paying the bills now expect more from their employees.
However, if you limit yourself to a single OS like you did for Windows there are in fact standard OS management tools built-in that can do many if not all of the things you want, and people with training and experience that know how to run them before they've ever seen your systems. All the "major distributions" now have very standard, config-driven systems and like Windows try very hard to keep you from modifying the underlying scripts directly.
Which Linux distribution has anything close to Group Policy ?
Oh I don't know about that. Cron and rsync are pretty well proven to be quite reliable and flexible.
Rsync and - even less so - cron don't solve the problem.
Of course it does require some competence, no pointy-clicky...
You are conflating "incompetence" with a lack of interest in continually reinventing the wheel.
I'm quite capable of implementing something that can achieve probably 90% of the functionality of GPOs. I have zero interest in doing it, however, because I'd rather spend my time productively.
That's one of many reasons why I support the proposal called "the fair tax" which would replace all existing payroll and income taxes with a consumption tax.
And when they say "fair", they mean "provide the greatest benefit to the rich".
Consumption taxes are about as regressive as you can get.
We have at will employment, the employment is a private matter based on contract and there is no gov't mandated minimum wage. It's all about contract between employer and employee and it has nothing to do with government.
There is no "universal" minimum wage, it is true. But many trades and professions specify minimum wages through collective agreements (ie: Guilds/Unions).
However, the suggestion that Swiss labour laws are even remotely close to the lack of regulation you advocate is laughable. Maximum hours per week are stipulated, and overtime must be paid by default. Notice periods - if not explicitly in an employment contract (and typically they aren't - it would be very unusual for an "at will" equivalent to be in a contract) - are at least a month (outside of probation periods). Maternity leave is mandated. Four weeks of annual leave are mandated. Unfair dismissal laws exist. Etc, etc.
On top of this is the Swiss culture itself, which strongly stigmatises employer abuse of employees. Many of the employee-friendly conditions that are not explicitly laid out in law are instead practiced by convention (eg: regular salary increases). Living standards and community cohesion are king in Switzerland, and a lack of employment stability is the antithesis of those. Do not kid yourself for a second if employers started regularly engaging in the kind of actions they do in some other countries, that the Swiss would not vote in legislation to prevent them from doing so.
Sorry, but Swiss labour laws may not be quite as pro-employee as other parts of Europe, but they are far, far ahead of anywhere in the USA. I've lived and worked in both places, and I know which I prefer.
What's strange is that you believe that MOST European countries are this way.
There's no "believing" involved, because it's a fact.
How many European countries can you name with (lack of) employee rights even remotely close to "at will" laws in most US states, let alone close to the "employees have no rights" libertarian fantasy ?
In Europe - along with most of the western world outside of the US - employers need a genuine reason to fire an employee. Downsizing, restructuring, poor performance, bad conduct, etc are all good reasons. Not liking their Facebook page isn't even close. This has been upheld in most countries, as employers in those countries - taking their cues from the "fuck you, peon" attitude towards employees prevalent in the USA - have tried it, been sued for wrongful dismissal, and lost.
They are all pursuing more and more liberal business practices, reducing regulations, allowing cheap labor to be imported from other countries.
Firstly, that's irrelevant, this discussion is about employee rights, not immigration policies.
Secondly, those immigrant workers are brought into the country under very strict controls, only when local workers cannot be found, to perform a very specific job, and must leave when that job is finished.
Of course there is an alternative, like in European countries: you end up with only large companies, they all are heavily subsidized and regulated, but your choices of employment are diminished and your ability to open your own business is extremely limited. This eventually leads to less and less economic activity and higher and higher levels of unemployment and reliance on government.
Yet, "strangely", most European countries with strict regulations around employment have low unemployment rates, strong economies, and high standards of living.
Automatics are terrible at getting you where you are going safely. I constantly see people using the brake in bad weather when down-shifting would be far safer. The same with going down steep inclines.
I am not aware of any automatic transmissions with only one gear.
If you cannot put down the cell phone and big mac to shift you are not responsible enough to be operating a motor vehicle.
I am quite capable of shifting and own a car specifically for the times I want to spend doing it. However, there's no way in hell I'd drive a manual car in stop-start traffic by choice. Now that I'm all growed up and don't treat city streets like my personal racetrack, I have little interest in rowing through the gearbox every minute for half an hour each day.
Then I guess they need to go after the users sharing the copyrighted materials not everyone who is using the service. When a bank robber drives to the bank he is going to stick up no one suggests banning driving or suing the road designer; how is this any different?
Well, this is a little more like suing a limo company that specialises in clients who walk out of banks with bags of money, wearing masks and waving guns around...
Computers are used in many places other than the home these days. Unless you are saying the behavior of UAC was different in Vista Home and Business editions.
UAC behaviour is different when the machine is on a domain - it prompts for a username and password. It's also trivially configurable for those foolish enough to be in some sort of multi-machine, multi-user environment without a domain controller.
Besides, suppose you have kids at home, who will merrily click OK on any dialog that pops up? Or employees at work who will do the same?
Firstly, in those sorts of implicit-trust situations those people will typically know all the passwords anyway. An environment where multiple users have a single account, while "the password" remains secret, is practically unheard of (certainly I've never witnessed one during my ~20 years in the industry that was more than a few months old). Heck, environments with *multiple accounts* where most people don't know at least one other user's login and password are rare enough.
Secondly, they should have their own user accounts without privileges to elevate, UAC should be reconfigured to prompt for a username and password. Fast user switching makes this trivial.
The difference between being prompted for a password and being prompted to click OK is far from zero.
Not in the most common usage scenario for an unmanaged machine (single home user and/or implicitly trusted group of users), it's not.
sudo is also configurable.
I am well aware sudo is configurable. I have spent many weeks of my life over the years configuring it.
I was talking about out of the box behavior. UAC - especially when first implemented in Vista - falls short of being a "GUI sudo prompt."
Untrue. A graphical sudo prompt is essentially exactly what UAC is, in both theory and implementation. The only difference is not prompting for a password on an unmanaged machine, which presents essentially zero additional risk due to the environment nearly all such machines are found in.
The difference between how Windows Vista & 7, Linux (Ubuntu, et al) and OS X treat privilege escalation out of the box, for nearly all people, is practically identical.
This will confuse people and make them wary of Sandy Bridge based machines for years.
No it won't.
Only a vanishingly small proportion of customers will even know what a chipset is, let alone which specific model is in their PC.
Of *those*, probably half of them only ever buy along party lines, so a flaw in an Intel chipset is irrelevant to them.
Of the remainder, most will be aware of the issue and account for it. That's assuming, of course, one of these defective chipsets even gets into a system that has more than two SATA ports anyway, in itself a highly improbable outcome.
Anyone that actually cares about safeguarding their data won't be running a server with a GUI on it anyway.
I have yet to see any data stored on a server that isn't easily accessible from at least one, and usually a lot more, clients connected to that server. Have you ?
If you are referring to UAC, it is hardly a "GUI sudo prompt." sudo requires you to prove that you are an authentic user by providing your password each time you open a shell to perform an administrative task (and every fifteen minutes after), and you also have to be a member of the sudo group (which only the first account created at install time is by default).
Firstly, you need to be in an appropriate group to elevate via UAC. The first user created is in this group by default, just like they are in Ubuntu or OS X.
Secondly, the difference in security between an "OK" prompt and an "enter your password" prompt, in a standard end user scenario, is essentially zero. Unless you think the average person sitting at home is likely to have an attacker break into their house just so they can get admin rights on their PC ?
Thirdly, UAC can be trivially configured to prompt for a username and password if the security policies of the site require it.
This is the reason it was met with derision by Slashdotters (and I don't recall many "fits of nerd rage," although a few might have snorted Code Red through their noses when they realized how impotent - and easily disabled - this new Microsoft "security feature" was).
No, the derision was because, as usual, Slashdotters tend to have SFA knowledge about how Windows actually works.
How many people have they killed ? How much property damage have they caused ? How much data have they destroyed ?
False. NTFS and HPFS are not even remotely similar.
Flexible software RAID and logical volume management.
One country ? I think my "most" statement holds.
In fifty-odd years, fuel will be so expensive that flying will be something that most people can't afford.
Time spent in a car is dead time, because you have to drive. Time spent on a train can be used productively.
The "real explanation" is pretty simple. The increasing popularity of 16:10 and 16:9 screens mirrors their uptake because of HDTV. So:
Lots more people are now watching widescreen-formatted content on their computers.
Economies of scale make it cheaper to produce LCD panels that match up to common TV sizes.
Of course we won't. The current screen formats won't change again until TV screen formats do, and will change at essentially the same time.
If only two of those ports are physically connected, why does it matter ?