With sudo it's not the action OF THE PROGRAM ITSELF that causes the prompt -- it's program being launched with sudo. Something (usually user himself, sometimes the program) has to explicitly run sudo/gksudo -- otherwise there will be no privileged access, period.
First, I would dispute your assertion that non-administrative utilities shouldn't be started with sudo. I think it's quite reasonable to run almost any of the most common utilities -- ls, cat, cp, mv, grep, find, etc. -- with sudo. I'm not a sysadmin, but coming from the perspective of a home user, it would irk me to no end if I couldn't do that. (Actually it wouldn't because of my aforementioned habit of keeping a root shell open at all times, but that's somewhat beside the point.) Outside of the home environment, sudo does have a couple significant advantages over UAC, most notably that UAC (AFAIK) requires the root password instead of the current user's password.
cp is an administrative utility when used on files and directories owned by root. It's also only used on command line, and it does not accept any user input except for confirmation, so user never has to deal with GUI password prompt when running it -- password prompt is always on the same terminal where the user started cp, so there can't be any doubt about what it applies to. UAC has nothing to do with command line or terminals, it's always a prompt out of nowhere. It can be just as well a virus waiting for anything to trigger UAC and race-condition it for the prompt, so the the user will "confirm" a virus instead of some other utility and be none the wiser. This scenario is the reason why I see typical "console user can sudo anything" policy as insecure, but with UAC it's the only configuration possible because there is no policy.
Windows CE/Windows Mobile has one purpose -- preventing PDA and mobile phone users from being exposed to Symbian (OS used in old Psion PDA and modern Nokia E and N series). Microsoft never bothered selling Windows Mobile products to consumers (last time it did so with Windows CE, it destroyed the whole market of early PDA and subnotebooks), they sell it to cellular carriers that had full control of what customers were getting.
Which is basically the same as UAC prompts. They give you the executable name (though "helpfully" the full path is shortened with "..." if it's too long to fit in the window) which you can check.
No. With sudo you never see a question what exactly you are allowing or not allowing to be done, you only have to verify that executable is the one you have started. If any executable that is not started with sudo will try to do anything that require privileges it does not have, user will not be asked to confirm it -- access will be denied.
With a proper (granted, not one that is usually set by default) configuration of sudo, all non-administrative utilities are allowed to be started with sudo in the first place, so user entering the password merely confirms that he intends to run administrative utility.
For all practical purposes, IBM (and AT&T) actually did die -- the companies that now have their names and money, have little to no resemblance of IBM of 60's-80's. The most significant difference is the amount of control IBM had -- while originally it was able to determine the technology pretty much everyone was using, now most of the company acts merely as an umbrella for contractors working with whatever technology those push -- be it Windows, Linux, AIX or Solaris.
UAC prompt appears when something requests a privileged operation. It's left to the user to determine if it's supposed to be valid or not, and user usually has no idea how to determine that.
sudo/gksudo prompt appears when one application/script intends to run another one as root. It does not wait for any particular "privileged" action, so user only has to check if executable name matches. He also can configure sudoers file to not ask him for password for some or all applications. The only problem is, currently sudo is often configured to cover way too much (often everything) for the user created by default, so prompt is not shown if another application is started within the timeout, however this is the problem with configuration.
PolicyKit usually doesn't ask the user at all because permissions are in its configuration.
What this means is that, on this axis, I would say it's actually rather more convenient than sudo, because you don't have to restart the program to give it root permissions. There's none of the "crap, I needed to run this with sudo" that you get when working from the Linux command line.
In Unix-like systems you never run administrative utilities as a non-root user. The only three things you may want to run as both root and regular user are:
1. network analyzer 2. shell 3. text editor
All three should better be difficult to start in privileged mode because of serious security implications of what they can do.
UAC is far worse than sudo -- with sudo you have one point when application is started as root, and the only thing user has to say is to confirm that he actually wants to run something as administrator. Applications that run as root are still trusted to actually so the right thing because user isn't supposed to know what precisely a particular application should or shouldn't be allowed to do. When anything fine-grained is necessary, there is PolicyKit that controls access to services -- then user's input is only necessary if policy demands it.
UAC is all about not trusting the application or system configuration -- user is asked to make all the decisions. It's like bizarro PolicyKit -- fine-grained access control, but no actual policy behind it, so user has to make all decisions. The root of this problem is, of course, Windows' still-shitty IPC and per-process privileges/permissions handling -- until that is fixed, expect more braindamaged security from them.
Last time I checked, Berezovsky did not represent Russian (or USSR) government while hiding from FSB in UK and making martyrs out of his underperforming employees.
Hans Reiser's greatest act of assholeness was performed completely outside the Internet, and therefore does not qualify. His Internet-related achievements are limited to flame on LKML, and do not place him into the same league as the three-letter giants leading the list. He might be slightly above joels, but only because joels is an idiot and Reiser is not.
Church of Scientology is a bunch of assholes, and has a distinction of actually being evil, however their Internet-related efforts are pathetic -- they even managed to get slashdotted by someone other than Slashdot, what can be only described as lameness beyond lame. RIAA and MPAA have better claim to the place in the Internet assholes list because both are currently using the Internet in their war on their own customers.
Obviously not the one who deduced that judicial system should only serve those who amassed astronomical amount of wealth (likely by robbing and scamming the rest).
The number of deaths that actually can be attributed to Stalin's politically motivated persecution is about 2 millions over the whole time he was in power -- that includes executions, .
The figures that people see published and re-published now, are mostly taken from three sources:
1. Famine deaths in 30's (at worst they are an evidence of incompetence while handling severe drought). 2. Numbers A. Solzhenitsyn mentioned in GULAG Archipelago (that reflect nothing but strength of Solzhenitsyn's hatred for the government that unfairly imprisoned him) 3. Various "estimates" made by American historians and propaganda workers as a replacement for total lack of information they had.
When I've been to Moscow in 2003, you could catch some real trouble by not carrying a passport if the police stops you for whatever reason (they are fighting terrorists and crime too, you know).
Only if you are arrested, and they can't identify you (but so you would in US).
You have to obtain a registration document to stay for more than three days, or you can be legally detained.
That's for the categories of foreigners who don't have to get a visa. They still have to be registered _somewhere_.
A bunch of legal firms assit with this process, here's some info about what it is (if you can read Russian, that is, which I doubt).
Not only I can read Russian, the text you have linked says the above right in the first sentence!
In USSR times? About 1% of income. Its main purpose was to make sure there is an ongoing record, actual costs were heavily subsidized (government had all the profits from government-run industry, so it didn't have to rely on taxes that were similarly low/token amounts for individuals).
Americans have "freedom of movement" (actually freedom of not telling the government that they have moved) at the expense of a right to a dwelling, and 30%-50% of their income being eaten by rent or mortgages.
After living in both countries I can assure all of you that "right to a dwelling" alone provides more impact than all your piddly "you have a right if you are rich enough, otherwise you are screwed" rights.
2. What percentage of European history actually happened under the umbrella of EU? We can be generous and include the time when Roman Empire and Franks had control over the whole Europe into "united Europe" time.
3. What other institutions are unified in Europe, to provide equivalent of IRS, FBI, CIA, SEC...?
UK for all practical purposes is an umbrella over four distinct cultures. Over their history they spent more time fighting or ignoring each other than doing anything else. They would benefit from combining their education systems, but that would cause so much political trouble, it's not worth trying. On the other hand, all four spent centuries developing their cultures, and that included traditions in schools and education.
US is merely one of former British colonies with nearly 100% of modern population descended from post-colonization immigrants with slightly varying percentages of people of various origin, who share basically the same history and culture (though split into social classes, just like everyone else). Most of supposed "diversity" of US is actually the result of racist view that somehow a poor black person who believes that he will be rich one day is fundamentally different from a poor white person who believes that he will be rich one day.
Development of curriculum is not a "per student" cost, but it has more impact on the quality of education than pretty much anything else. Civilized countries treat it at least at the same level of seriousness as US treated Manhattan Project. US, on the other hand...
With GUI prompt?
With sudo it's not the action OF THE PROGRAM ITSELF that causes the prompt -- it's program being launched with sudo. Something (usually user himself, sometimes the program) has to explicitly run sudo/gksudo -- otherwise there will be no privileged access, period.
First, I would dispute your assertion that non-administrative utilities shouldn't be started with sudo. I think it's quite reasonable to run almost any of the most common utilities -- ls, cat, cp, mv, grep, find, etc. -- with sudo. I'm not a sysadmin, but coming from the perspective of a home user, it would irk me to no end if I couldn't do that. (Actually it wouldn't because of my aforementioned habit of keeping a root shell open at all times, but that's somewhat beside the point.) Outside of the home environment, sudo does have a couple significant advantages over UAC, most notably that UAC (AFAIK) requires the root password instead of the current user's password.
cp is an administrative utility when used on files and directories owned by root. It's also only used on command line, and it does not accept any user input except for confirmation, so user never has to deal with GUI password prompt when running it -- password prompt is always on the same terminal where the user started cp, so there can't be any doubt about what it applies to. UAC has nothing to do with command line or terminals, it's always a prompt out of nowhere. It can be just as well a virus waiting for anything to trigger UAC and race-condition it for the prompt, so the the user will "confirm" a virus instead of some other utility and be none the wiser. This scenario is the reason why I see typical "console user can sudo anything" policy as insecure, but with UAC it's the only configuration possible because there is no policy.
Windows CE/Windows Mobile has one purpose -- preventing PDA and mobile phone users from being exposed to Symbian (OS used in old Psion PDA and modern Nokia E and N series). Microsoft never bothered selling Windows Mobile products to consumers (last time it did so with Windows CE, it destroyed the whole market of early PDA and subnotebooks), they sell it to cellular carriers that had full control of what customers were getting.
utilities are allowed to be started with sudo in the first place
Should be "are not allowed".
Which is basically the same as UAC prompts. They give you the executable name (though "helpfully" the full path is shortened with "..." if it's too long to fit in the window) which you can check.
No. With sudo you never see a question what exactly you are allowing or not allowing to be done, you only have to verify that executable is the one you have started. If any executable that is not started with sudo will try to do anything that require privileges it does not have, user will not be asked to confirm it -- access will be denied.
With a proper (granted, not one that is usually set by default) configuration of sudo, all non-administrative utilities are allowed to be started with sudo in the first place, so user entering the password merely confirms that he intends to run administrative utility.
For all practical purposes, IBM (and AT&T) actually did die -- the companies that now have their names and money, have little to no resemblance of IBM of 60's-80's. The most significant difference is the amount of control IBM had -- while originally it was able to determine the technology pretty much everyone was using, now most of the company acts merely as an umbrella for contractors working with whatever technology those push -- be it Windows, Linux, AIX or Solaris.
UAC prompt appears when something requests a privileged operation. It's left to the user to determine if it's supposed to be valid or not, and user usually has no idea how to determine that.
sudo/gksudo prompt appears when one application/script intends to run another one as root. It does not wait for any particular "privileged" action, so user only has to check if executable name matches. He also can configure sudoers file to not ask him for password for some or all applications. The only problem is, currently sudo is often configured to cover way too much (often everything) for the user created by default, so prompt is not shown if another application is started within the timeout, however this is the problem with configuration.
PolicyKit usually doesn't ask the user at all because permissions are in its configuration.
What this means is that, on this axis, I would say it's actually rather more convenient than sudo, because you don't have to restart the program to give it root permissions. There's none of the "crap, I needed to run this with sudo" that you get when working from the Linux command line.
In Unix-like systems you never run administrative utilities as a non-root user. The only three things you may want to run as both root and regular user are:
1. network analyzer
2. shell
3. text editor
All three should better be difficult to start in privileged mode because of serious security implications of what they can do.
UAC is far worse than sudo -- with sudo you have one point when application is started as root, and the only thing user has to say is to confirm that he actually wants to run something as administrator. Applications that run as root are still trusted to actually so the right thing because user isn't supposed to know what precisely a particular application should or shouldn't be allowed to do. When anything fine-grained is necessary, there is PolicyKit that controls access to services -- then user's input is only necessary if policy demands it.
UAC is all about not trusting the application or system configuration -- user is asked to make all the decisions. It's like bizarro PolicyKit -- fine-grained access control, but no actual policy behind it, so user has to make all decisions. The root of this problem is, of course, Windows' still-shitty IPC and per-process privileges/permissions handling -- until that is fixed, expect more braindamaged security from them.
No "states rights" => no electoral college.
lol twitter.
I remember MEEPT!
I have heard, Obama is busy choosing the White House cat, you will all look like total losers if it won't be Tacgnol.
Last time US invaded Vietnam, US lost the war.
Last time I checked, Berezovsky did not represent Russian (or USSR) government while hiding from FSB in UK and making martyrs out of his underperforming employees.
Hans Reiser's greatest act of assholeness was performed completely outside the Internet, and therefore does not qualify. His Internet-related achievements are limited to flame on LKML, and do not place him into the same league as the three-letter giants leading the list. He might be slightly above joels, but only because joels is an idiot and Reiser is not.
Church of Scientology is a bunch of assholes, and has a distinction of actually being evil, however their Internet-related efforts are pathetic -- they even managed to get slashdotted by someone other than Slashdot, what can be only described as lameness beyond lame. RIAA and MPAA have better claim to the place in the Internet assholes list because both are currently using the Internet in their war on their own customers.
No Microsoft -> no massive malware problem!
(inb4 "but any popular system will be insecuuure!!!")
Obviously not the one who deduced that judicial system should only serve those who amassed astronomical amount of wealth (likely by robbing and scamming the rest).
The number of deaths that actually can be attributed to Stalin's politically motivated persecution is about 2 millions over the whole time he was in power -- that includes executions, .
The figures that people see published and re-published now, are mostly taken from three sources:
1. Famine deaths in 30's (at worst they are an evidence of incompetence while handling severe drought).
2. Numbers A. Solzhenitsyn mentioned in GULAG Archipelago (that reflect nothing but strength of Solzhenitsyn's hatred for the government that unfairly imprisoned him)
3. Various "estimates" made by American historians and propaganda workers as a replacement for total lack of information they had.
1. Lifetime achievement:
Honorable mention: joels
2. Collective efforts:
(feel free to expand this list)
When I've been to Moscow in 2003, you could catch some real trouble by not carrying a passport if the police stops you for whatever reason (they are fighting terrorists and crime too, you know).
Only if you are arrested, and they can't identify you (but so you would in US).
You have to obtain a registration document to stay for more than three days, or you can be legally detained.
That's for the categories of foreigners who don't have to get a visa. They still have to be registered _somewhere_.
A bunch of legal firms assit with this process, here's some info about what it is (if you can read Russian, that is, which I doubt).
Not only I can read Russian, the text you have linked says the above right in the first sentence!
In USSR times? About 1% of income. Its main purpose was to make sure there is an ongoing record, actual costs were heavily subsidized (government had all the profits from government-run industry, so it didn't have to rely on taxes that were similarly low/token amounts for individuals).
Americans have "freedom of movement" (actually freedom of not telling the government that they have moved) at the expense of a right to a dwelling, and 30%-50% of their income being eaten by rent or mortgages.
After living in both countries I can assure all of you that "right to a dwelling" alone provides more impact than all your piddly "you have a right if you are rich enough, otherwise you are screwed" rights.
1. What language do they speak in European Union?
2. What percentage of European history actually happened under the umbrella of EU? We can be generous and include the time when Roman Empire and Franks had control over the whole Europe into "united Europe" time.
3. What other institutions are unified in Europe, to provide equivalent of IRS, FBI, CIA, SEC...?
...sez American Institutes for Research, based on a study using criteria made by Americans, specifically to be applicable for American students.
UK for all practical purposes is an umbrella over four distinct cultures. Over their history they spent more time fighting or ignoring each other than doing anything else. They would benefit from combining their education systems, but that would cause so much political trouble, it's not worth trying. On the other hand, all four spent centuries developing their cultures, and that included traditions in schools and education.
US is merely one of former British colonies with nearly 100% of modern population descended from post-colonization immigrants with slightly varying percentages of people of various origin, who share basically the same history and culture (though split into social classes, just like everyone else). Most of supposed "diversity" of US is actually the result of racist view that somehow a poor black person who believes that he will be rich one day is fundamentally different from a poor white person who believes that he will be rich one day.
Development of curriculum is not a "per student" cost, but it has more impact on the quality of education than pretty much anything else. Civilized countries treat it at least at the same level of seriousness as US treated Manhattan Project. US, on the other hand...