Refering to your A and B: A] With helper programs (those who ask for passwords when some action is triggered) you have session management - this means, that you can set up machine to keep your root-pasword-entered session enabled for like 30 minutes (or when you manualy drop it). Actually this is how it looks in RH/Fedora - when user helper runs you enter the password and then a key icon shows up in tray notification area - that means that you are authenticated for some time and during this time you don't need to supply password.
Entire concept of privilege separation is for this that you don't run entire session (all programs) as root, you only run some applications on different privilege as root and that is exactly what is happening here. Also add to this SELinux policies that are going to be present in next RH/Fedora release, that policies minimize risks of running software as root, f.e. you could issue "rm / -rf" as superuser and nothing bad should have happen if proper policy is set.
B] It is not like every aplication in system can ask for root password and then get a higher privilege. Mind that. There is only a set of applications (which come with distriution) that are allowed to ask for password and actually check that password against authentication data - and this set of applications is trusted (since it comes from known supplier, after all you wont be running Fedora if you don't trust its packages won't you?).
It would be neat to have one with Mozilla Firefox (also with Macromedia Flash, Java and so on)... I mean *msi files. They make life easier in large networks and would make adoption easier for sysadmins.
Like supplying passwords all the time, no grained access control, no per host control, no session (f.e. opened session last for 2 minutes for command "su") and so on... Reall RunAs sucks. That is particulary (not straight due to RunAs but to Windows poor privilege separation) why most users run Administrator account...
If you want binaries you can grab it from developement branch (check FTP server near you). You can also grab SRPM and recompile it. But right now in developement it is only 6.7.99 version, but is not much (if any) different from so called "release". There are probably some cosmetic changes...
Don't expect third party packagers to package this as it would be waste of resources (it is already in core system packages so no need for third party).
I'am pulling http://download.fedora.redhat.com/pub/fedora/linux/core/development/SRPMS/xorg-x11-6.7.99.903-5.src. rpm right and will atempt to compile it.:-) But my question (as I cannot get to xorg servers to see ChangeLog) - has anything important changed since 6.7.99 -> 6.8? Or is it just cosmetic release number (with no changes behind it) with the same code as 6.7.99?
Don't forget there are also alternatives as 'op' -- https://svn.swapoff.org/op -- it is quite different from sudo and may please your needs.:-) Also this M$ patent is pathetic. op site states that this tool was released in 1990... And for me sudo and op are technically (probabl were also 10 years ago) superior to MS RunAs service which plainly sucks...
Yes but drawing GUI is something different from managing files... Do you think implementations like (check out my other post in this thread) procfs or sysfs are mess? They are very convinient and useful IMHO. Oh and that can be done on various platforms.
Yes I am exactly talking about this Enough is a standard API so that Gnome and KDE can make a "File Open Dialog" for opening files. OK lets assume that GNOME and KDE standardize on one implementation. But what with dozens of other stuff like OpenOffice.org, Blender, Apache (I've just named some killer apps that you can not deny that are important)? You want Apache to use *GNOME* or *KDE* API's? Files and so on should be handled at kernel level (yes it is kernel level, kernel acts betwen applications and filesystem giving applications consistent interface to *any* (supported) underlying FS).
Yes in filesystem that is obvious. But usualy when you use filesystem it managed by kernel.:-) So it is somehow mounted in / and visible as some directory.:-) It could be handled something as a *special* (not typical like lets say FAT or ext3) filesystem such as proc or sys or devfs and so on... Basicaly so I can use *shell* (if you can use shell you can use GUI on it also it is in standard unix path) to browse this db filesystem. It is just a example but imagine something like this: "/sqlfs/dbname:SQL_QUERY/"... It could be used in KDE, GNOME or whatever that can use files and directories...
I know that it does not *need* to be at kernel/system level. But it makes most of sense in that way. I use many different applications, ranging from non interface daemons, via CLI to GUI aplications. If I would ever think about bothering with somekind of batabase driven filesystem I would like it to support every application I use. It only makes sense in this way. F.e. I love ZSH and I do whole of my file management under shell, but I also love Rhythymbox - so for me it is only valuable if I get the same interface (for DB-filesystem) in my CLI app, in my GUI app, and even in my daemon app (which makes something automated for me, or serves something). And only way to go is *one* userspace library/daemon (not posible it is Open Source) or kernel/system level. I'll go system level with ReiserFS4 and plugins that will come soon...
Nobody is sugesting to use such database FS for entire system. Only for specific data (f.e. user documents) - not entire system (binaries, libraries etc.) where such performance matters. Well in fact it will improve performance since right now applications that need such indexing (best examples are apps for organizing music (like iTunes) or digital pictures colections (like Adobe Photo Album or Google Picasa)) do it themselves which probably is not the fastest way and is not unified across the system. Now for *some* applications such view on files that lets you query for specific files/objects operating on query results rather as directories of files have much benefit. But it is only for organizing data, and in limited scope (as I've said - digital music, photography, probably some other fields). I don't really belive that this would seed up searching for office documents over LAN or smth. - when somebodys documents are in mess DB-FS won't change anything as the documents probably lack metadata, proper naming anyway.
Such thing should be implemented at kernel level to be transparent for *any* aplication. Without this it will just lead to a mess (like 4 different implementations) and some apps working with it and most not. As f.e. you can browse SMB network with Nautilus but when you actually try to open a file (from SMB via Nautilus) in OpenOffice.org you will get a info that viewer does not support this method... It must be a standard system routine not another level between system and GUI.
Well it is not here obviously. Read my posting again then... As for SUS of course it is but it is not free it requires Windows Server...
And really this are just details. What with MSIE? It is still buggy like hell and SP2 does not change it... What about services and so on? Windows still leaves to many ports open... What about privilege separation? Windows still encourages users to work on Administrator account and does nothing to prevent such behavior. Add up unsecure MSIE and working on Administrator account and you have same security level as without SP2 -what has changed? Tell me please.
As for privilego separation I remember that some applications (even certified as XP compatible) won't run nonadministrative account... See this is exactly opposite to Linux. In Linux some applications won't run from root account.:-)
How firewalling can do something with security? I mean it is security when you control network access with FW. But when FW is used to block something that can't be blocked normally (just like to choose to not expose a port when you don't need to) - it is obscurity.
I mean like - with normal (OK that is a bit of a flame, I mean normal system where user/admin can fully control it) system you can just choose which services listen on (and if they) which IP and which port. With Windows you must leave some ports open (and FW them) to make Windows work... It is stupid by design. You can safely assume that 90% of home users (corporate still have admins) run only one PC setup. This MEANING THAT NO PORTS SHOULD BE OPEN OR OPEN *AND* FIREWALLED they should be closed in the first place... Now for some trolling - this is how Linux works (mostly).
It is obviously clear that large organisation can switch to Open Source tools for DTP needs (and round them) like for years. LaTeX is here and it is proven (for some companies) to be the best choice. But what with the simpliest DTP - for people that don't really know much about DTP - they just work like monkies in Corel and indeed produce something that makes revenue... I myself face such situation - I would convert entire office to Linux if there was a native version of corel aviable (I know - things like WINE/COOffice - but this makes no sense). Now for hardcore DTP operators Linux gives a lot of options, also commercial offerings are aviable (checkout PageStream for Linux) - but they require somebody to actually have a skill in what he is doing... Windows tools come with extensive libraries of templates, examples, tutors, 3rd party plugins - this stuff really makes things easier. I love Linux and I'am posting this from my custom built distribution - but to be real if no tool like Corel shows up for Linux - it has no chance in things like (name it) desktop publishing. Scribus is nice. For hobbyists.
I'll repost something I've written today: #v+ well SP2 is IMHO funny they really haven't added anything useful to it
1] popup blocker - but hey I've got popup blocker in MSIE for like one yer thanks to - http://toolbar.google.com/ - and it comes with google search feture which is uber-cool. I install it on every XP client I touch so OK - popup blocker. how innovative...
2] hardened MSIE - well it is a myth. it is still the same MSIE, nothng changed beneath. still to deeply integrated in system, still with unsecure features like ActiveX - it is just they are turned off by defaut so first thing you will do is reebable thise features since without them nothing works. nice patch... really.
3] NX technology - well it is something but right now it makes no difference as it requires modern hardware and only few chips support that. and I'am (and I'am not alone here) probably not going to change (meaning networks I administer) hardware till it dies... so few more years to go without NX... and also to mention Linux has similar options (executable stack protection) for ages - aviable as patches f.e. PaX. (for kernel) and also few options (like pro-police-gcc) to glibc... and if you need you can recompile everything against those features as it is Open Source... again MS - innovative... really
4] new firewall - well good to see it but it has it's flaws. like it runs in user space, it is worse than other offerings. but still - this is feature I find nice.
what other things left? lets see...
5] new Windows Update - new but it sucks ass like ever. why can't make a decent patching service. it only requires a server and decent GUI for client. I mean jesus I can make such thing myself, just give me specs and some time and I could make it. options I would include: * decent GUI for configuration with Active Direvtory support tu push configuration to domain * setup proxy server for updates (f.e. local proxy server to limit bandwith use) * free local proxy server software for updates. it even could be only on Windows. to have one machine cacheing updates in LAN - jesus it's being done in Linux so easly, I can set up my own updates proxy with Linux in like 3 minutes... * option to choose which connection can be used for automatic downloads (f.e. I wouldn't like my system to pull updates when I am connected via GPRS mobile modem, but I wouldn't mind when it does when I am on corporate LAN) * some better handling of applying those patches. maybe just downloading them and waiting (I mean waiting not bothering me to reboot manually) for next boot to apply patches while booting (no files locked)...
what else left "new"... oh the funniest thing! new Security Center applet in Control Panel - a place where you can se that you are "secured" (not to mention that you still can be 0wned) - weeeeeeelll in one thing Micro$oft is brilliant - marketing: people wan't secure Windows, tell them they are secure, show them nice icons telling them that they are secure - people can actually belive it that is in some way brilliant isn't it? too bad it does not work better security for me (and you)...
and also this hype with Longhorn delays due to shifting literally everybody to develop SP2 - what they actually developed? few icons? changed default settings? this requires whole resources of multibilion software gigant? that is pathetic for me... Fedora community alone (backed by Red Hat but still it is different scale than M$) can do amazing things like incorporating advanced MAC security with SELinux in months, and software giant can't make a basic security level with all theirs resources (oh and they do leave things unpatched, or issue things like disable login from URL as a patch, oh and update breaks like every 1 of 10 setups)? and still they say open source model is not superior? mehehehahhwhw...:P~ - this means only good things for Linux, bad things for Micro$oft and sadly bad things for me (us) as we live in a M$ world - consider getting even more probes
It is free, it is open, it works. That is for streaming from device. As for changing channels you can do anything from remote shell, VNC, X11, HTTP whatever - changing channels in tuner is minor problem here...
On my FC1 I can run pograms I've compiled on RHL6...:-) Right now I'am fighting with some VBS aplication which works perfectly under Windows 98 and fails to run on XP. I don't see this connection between compatibility and UNIX. I've also happen to run very old DOS programs (Clipper) under xdosemu and they work better than on XP (especially things like using printer and so on - it is PITA to configure XP for DOS to use printer, with some printers you cant as they cannot accept plain text printouts)...
So this is what is MS thinking: implement the things that FOSS world can't do thanks to its red-tape laden world-view. Implement a filesystem layer that provides nifty functions that while aren't new are new in this scale. Writing a similiar filesystem and getting it into use in the FOSS world would not happen, or if it did, take a decade.
Decade? Why? Have you ever heard of ReiserFS4? It is here (released few weeks ago) and has *a* *lot* of nifty features, managed by plugin interface so you can even add your own nifty feature. That is one. Two: what makes everybody think that WinFS will deliver some nifty experience? Maybe it will be, a total failure? It depends and it is not said that it will be a hit. Maybe not. We'll *see* (as for now I cannot se anything about buzzwords and WinFS). And have you RTFA? Their going back from WinFS... And I am not stating that in 2 or so years everybody will use ReiserFS4 either. If it will be good and get stabilized - I will use it it will go in kernel soon... I am sure that will happen sooner that anybody sees WinFS doing anything. And a bit trolling. Do this WinFS nifty stuff plans to give me something like hard and symbolic links? Or still some mockup like *.lnk oddnes...?
Re-write the graphical subsystem to use strictly vectored screen elements. This is a huge boon to developers - any GUI programmer can tell you what a pain it is thinking about how your application will look at 800x600, at 1600x1200, etc. Will that panel here look funny since it will 99% empty at 1600x1200? Sure different programming enviornments will physically scale the interface for you, but how will it look, feel, and work? Enter Avalon, MS's solution. Screen elements will stay the same size while you increase resolution, but your workspace will gain resolution and capability. All of the sudden you can edit a large image in Photoshop on your high-resolution monitor without all the widgets becoming microscopic. How long would it take for the FOSS world to replicate this? X is completely widget agnostic.
Again. You sure have point but you missing some things. Such implementation has little to do with X themselves - it will be rather handled by toolkit +X extensions. And these extensions are here. Next version of XOrg is comming due to september. And that is only the begining. You have also java3d, svg (and SVG is already used on X desktop) - all this technologies are Open Source. So it is not like nothing new here in Linux, especialy when you compare to f.e. what was here one or two years ago. And MS is probably backing with Avalon also...
In fact we got better memory management. New kernel, faster system, and some aditional services and management (think for system administrators) capabilities. Oh, and it looks the same and runs faster when you apply few *.reg files on it. XP is quite cool, and I write it using Fedora Core? Sick?
I would go further and simply disable super-user (aka root, aka Administrator) account - there is no need to use it on daily basis. Only thing users need are convinient frontends for installing software and configuring the system. They just need to click on software (or hardware) manager and click it when he needs to add software - meaning no need to run everything (think MSIE) as super user, only selected (and allowed by vendor) components that actually need it. It is funny that MS has pattented "sudo-like service" but their's own RunAs service sucks ass very much... I like (from users point of view) the fashion this is treated f.e. in Fedora, set of PAM's and userhelpers and you can do anything just knowing root password and running as normal user, it even remembers root password for session (AFAIR 15 min.) - now try to configure Windows system without loging for entire sesion as Administrator...
IBM Dev Pages had an interesting view on this. Althougt it is more for desktop setups (system boots faster - who needs that?). But still it is IMO interesting: Boot Linux Faster.
RedHat: 4, for the following:
1. Dec 2nd: Updated 2.4 kernel fixes privilege escalation security vulnerability RHSA-2003:392-05
2. Dec 16th: Updated lftp packages fix security vulnerability RHSA-2003:403-07
3. Dec 17th: Updated httpd packages fix Apache security vulnerabilities RHSA-2003:320-09
4. Dec 24th: Updated 2.4 kernel fixes various bugs RHBA-2003:394-08
2. - ltfp is a CLIENT not server.
3. - this fix very uncommon situation when you're using mod_rewrite with 8 or more regexp pattern.
4. - this not an security patch (it may cause kernel crash under some rare circumstances (specific hardware) but not remotely exploitable, not sec bug).
Everything else u mention is plain bullshit to me. Security is not about counting how many flaws were FIXED. Security is a constant process of applying patches, etc. Applying patches on Windows is still (bit less then before but still) a serious pain in the ass.
Slashdot Mirror
Refering to your A and B:
A] With helper programs (those who ask for passwords when some action is triggered) you have session management - this means, that you can set up machine to keep your root-pasword-entered session enabled for like 30 minutes (or when you manualy drop it). Actually this is how it looks in RH/Fedora - when user helper runs you enter the password and then a key icon shows up in tray notification area - that means that you are authenticated for some time and during this time you don't need to supply password.
Entire concept of privilege separation is for this that you don't run entire session (all programs) as root, you only run some applications on different privilege as root and that is exactly what is happening here. Also add to this SELinux policies that are going to be present in next RH/Fedora release, that policies minimize risks of running software as root, f.e. you could issue "rm / -rf" as superuser and nothing bad should have happen if proper policy is set.
B] It is not like every aplication in system can ask for root password and then get a higher privilege. Mind that. There is only a set of applications (which come with distriution) that are allowed to ask for password and actually check that password against authentication data - and this set of applications is trusted (since it comes from known supplier, after all you wont be running Fedora if you don't trust its packages won't you?).
It would be neat to have one with Mozilla Firefox (also with Macromedia Flash, Java and so on)... I mean *msi files. They make life easier in large networks and would make adoption easier for sysadmins.
Like supplying passwords all the time, no grained access control, no per host control, no session (f.e. opened session last for 2 minutes for command "su") and so on... Reall RunAs sucks. That is particulary (not straight due to RunAs but to Windows poor privilege separation) why most users run Administrator account...
I've just finished the build. :-) But anyway thanks for info.
If you want binaries you can grab it from developement branch (check FTP server near you). You can also grab SRPM and recompile it. But right now in developement it is only 6.7.99 version, but is not much (if any) different from so called "release". There are probably some cosmetic changes...
Don't expect third party packagers to package this as it would be waste of resources (it is already in core system packages so no need for third party).
I'am pulling http://download.fedora.redhat.com/pub/fedora/linux /core/development/SRPMS/xorg-x11-6.7.99.903-5.src. rpm right and will atempt to compile it. :-) But my question (as I cannot get to xorg servers to see ChangeLog) - has anything important changed since 6.7.99 -> 6.8? Or is it just cosmetic release number (with no changes behind it) with the same code as 6.7.99?
Don't forget there are also alternatives as 'op' -- https://svn.swapoff.org/op -- it is quite different from sudo and may please your needs. :-) Also this M$ patent is pathetic. op site states that this tool was released in 1990... And for me sudo and op are technically (probabl were also 10 years ago) superior to MS RunAs service which plainly sucks...
You are right but this are details. Only thing I wanted to state that such implementation should work for open() function as an ordinary unix path.
Yes but drawing GUI is something different from managing files... Do you think implementations like (check out my other post in this thread) procfs or sysfs are mess? They are very convinient and useful IMHO. Oh and that can be done on various platforms.
Yes I am exactly talking about this Enough is a standard API so that Gnome and KDE can make a "File Open Dialog" for opening files. OK lets assume that GNOME and KDE standardize on one implementation. But what with dozens of other stuff like OpenOffice.org, Blender, Apache (I've just named some killer apps that you can not deny that are important)? You want Apache to use *GNOME* or *KDE* API's? Files and so on should be handled at kernel level (yes it is kernel level, kernel acts betwen applications and filesystem giving applications consistent interface to *any* (supported) underlying FS).
Yes in filesystem that is obvious. But usualy when you use filesystem it managed by kernel. :-) So it is somehow mounted in / and visible as some directory. :-) It could be handled something as a *special* (not typical like lets say FAT or ext3) filesystem such as proc or sys or devfs and so on... Basicaly so I can use *shell* (if you can use shell you can use GUI on it also it is in standard unix path) to browse this db filesystem. It is just a example but imagine something like this: "/sqlfs/dbname:SQL_QUERY/"... It could be used in KDE, GNOME or whatever that can use files and directories...
I know that it does not *need* to be at kernel/system level. But it makes most of sense in that way. I use many different applications, ranging from non interface daemons, via CLI to GUI aplications. If I would ever think about bothering with somekind of batabase driven filesystem I would like it to support every application I use. It only makes sense in this way. F.e. I love ZSH and I do whole of my file management under shell, but I also love Rhythymbox - so for me it is only valuable if I get the same interface (for DB-filesystem) in my CLI app, in my GUI app, and even in my daemon app (which makes something automated for me, or serves something). And only way to go is *one* userspace library/daemon (not posible it is Open Source) or kernel/system level. I'll go system level with ReiserFS4 and plugins that will come soon...
Nobody is sugesting to use such database FS for entire system. Only for specific data (f.e. user documents) - not entire system (binaries, libraries etc.) where such performance matters. Well in fact it will improve performance since right now applications that need such indexing (best examples are apps for organizing music (like iTunes) or digital pictures colections (like Adobe Photo Album or Google Picasa)) do it themselves which probably is not the fastest way and is not unified across the system. Now for *some* applications such view on files that lets you query for specific files/objects operating on query results rather as directories of files have much benefit. But it is only for organizing data, and in limited scope (as I've said - digital music, photography, probably some other fields). I don't really belive that this would seed up searching for office documents over LAN or smth. - when somebodys documents are in mess DB-FS won't change anything as the documents probably lack metadata, proper naming anyway.
Such thing should be implemented at kernel level to be transparent for *any* aplication. Without this it will just lead to a mess (like 4 different implementations) and some apps working with it and most not. As f.e. you can browse SMB network with Nautilus but when you actually try to open a file (from SMB via Nautilus) in OpenOffice.org you will get a info that viewer does not support this method... It must be a standard system routine not another level between system and GUI.
Well it is not here obviously. Read my posting again then... As for SUS of course it is but it is not free it requires Windows Server... And really this are just details. What with MSIE? It is still buggy like hell and SP2 does not change it... What about services and so on? Windows still leaves to many ports open... What about privilege separation? Windows still encourages users to work on Administrator account and does nothing to prevent such behavior. Add up unsecure MSIE and working on Administrator account and you have same security level as without SP2 -what has changed? Tell me please. As for privilego separation I remember that some applications (even certified as XP compatible) won't run nonadministrative account... See this is exactly opposite to Linux. In Linux some applications won't run from root account. :-)
How firewalling can do something with security? I mean it is security when you control network access with FW. But when FW is used to block something that can't be blocked normally (just like to choose to not expose a port when you don't need to) - it is obscurity. I mean like - with normal (OK that is a bit of a flame, I mean normal system where user/admin can fully control it) system you can just choose which services listen on (and if they) which IP and which port. With Windows you must leave some ports open (and FW them) to make Windows work... It is stupid by design. You can safely assume that 90% of home users (corporate still have admins) run only one PC setup. This MEANING THAT NO PORTS SHOULD BE OPEN OR OPEN *AND* FIREWALLED they should be closed in the first place... Now for some trolling - this is how Linux works (mostly).
It is obviously clear that large organisation can switch to Open Source tools for DTP needs (and round them) like for years. LaTeX is here and it is proven (for some companies) to be the best choice. But what with the simpliest DTP - for people that don't really know much about DTP - they just work like monkies in Corel and indeed produce something that makes revenue... I myself face such situation - I would convert entire office to Linux if there was a native version of corel aviable (I know - things like WINE/COOffice - but this makes no sense). Now for hardcore DTP operators Linux gives a lot of options, also commercial offerings are aviable (checkout PageStream for Linux) - but they require somebody to actually have a skill in what he is doing... Windows tools come with extensive libraries of templates, examples, tutors, 3rd party plugins - this stuff really makes things easier. I love Linux and I'am posting this from my custom built distribution - but to be real if no tool like Corel shows up for Linux - it has no chance in things like (name it) desktop publishing. Scribus is nice. For hobbyists.
I'll repost something I've written today:
:P~ - this means only good things for Linux, bad things for Micro$oft and sadly bad things for me (us) as we live in a M$ world - consider getting even more probes
#v+
well SP2 is IMHO funny they really haven't added anything useful to it
1] popup blocker - but hey I've got popup blocker in MSIE for like one yer thanks to - http://toolbar.google.com/ - and it comes with google search feture which is uber-cool. I install it on every XP client I touch so OK - popup blocker. how innovative...
2] hardened MSIE - well it is a myth. it is still the same MSIE, nothng changed beneath. still to deeply integrated in system, still with unsecure features like ActiveX - it is just they are turned off by defaut so first thing you will do is reebable thise features since without them nothing works. nice patch... really.
3] NX technology - well it is something but right now it makes no difference as it requires modern hardware and only few chips support that. and I'am (and I'am not alone here) probably not going to change (meaning networks I administer) hardware till it dies... so few more years to go without NX... and also to mention Linux has similar options (executable stack protection) for ages - aviable as patches f.e. PaX. (for kernel) and also few options (like pro-police-gcc) to glibc... and if you need you can recompile everything against those features as it is Open Source... again MS - innovative... really
4] new firewall - well good to see it but it has it's flaws. like it runs in user space, it is worse than other offerings. but still - this is feature I find nice.
what other things left? lets see...
5] new Windows Update - new but it sucks ass like ever. why can't make a decent patching service. it only requires a server and decent GUI for client. I mean jesus I can make such thing myself, just give me specs and some time and I could make it. options I would include:
* decent GUI for configuration with Active Direvtory support tu push configuration to domain
* setup proxy server for updates (f.e. local proxy server to limit bandwith use)
* free local proxy server software for updates. it even could be only on Windows. to have one machine cacheing updates in LAN - jesus it's being done in Linux so easly, I can set up my own updates proxy with Linux in like 3 minutes...
* option to choose which connection can be used for automatic downloads (f.e. I wouldn't like my system to pull updates when I am connected via GPRS mobile modem, but I wouldn't mind when it does when I am on corporate LAN)
* some better handling of applying those patches. maybe just downloading them and waiting (I mean waiting not bothering me to reboot manually) for next boot to apply patches while booting (no files locked)...
what else left "new"... oh the funniest thing! new Security Center applet in Control Panel - a place where you can se that you are "secured" (not to mention that you still can be 0wned) - weeeeeeelll in one thing Micro$oft is brilliant - marketing: people wan't secure Windows, tell them they are secure, show them nice icons telling them that they are secure - people can actually belive it that is in some way brilliant isn't it? too bad it does not work better security for me (and you)...
and also this hype with Longhorn delays due to shifting literally everybody to develop SP2 - what they actually developed? few icons? changed default settings? this requires whole resources of multibilion software gigant? that is pathetic for me... Fedora community alone (backed by Red Hat but still it is different scale than M$) can do amazing things like incorporating advanced MAC security with SELinux in months, and software giant can't make a basic security level with all theirs resources (oh and they do leave things unpatched, or issue things like disable login from URL as a patch, oh and update breaks like every 1 of 10 setups)? and still they say open source model is not superior? mehehehahhwhw...
http://www.videolan.org/
It is free, it is open, it works. That is for streaming from device. As for changing channels you can do anything from remote shell, VNC, X11, HTTP whatever - changing channels in tuner is minor problem here...
On my FC1 I can run pograms I've compiled on RHL6... :-) Right now I'am fighting with some VBS aplication which works perfectly under Windows 98 and fails to run on XP. I don't see this connection between compatibility and UNIX. I've also happen to run very old DOS programs (Clipper) under xdosemu and they work better than on XP (especially things like using printer and so on - it is PITA to configure XP for DOS to use printer, with some printers you cant as they cannot accept plain text printouts)...
Decade? Why? Have you ever heard of ReiserFS4? It is here (released few weeks ago) and has *a* *lot* of nifty features, managed by plugin interface so you can even add your own nifty feature. That is one. Two: what makes everybody think that WinFS will deliver some nifty experience? Maybe it will be, a total failure? It depends and it is not said that it will be a hit. Maybe not. We'll *see* (as for now I cannot se anything about buzzwords and WinFS). And have you RTFA? Their going back from WinFS... And I am not stating that in 2 or so years everybody will use ReiserFS4 either. If it will be good and get stabilized - I will use it it will go in kernel soon... I am sure that will happen sooner that anybody sees WinFS doing anything. And a bit trolling. Do this WinFS nifty stuff plans to give me something like hard and symbolic links? Or still some mockup like *.lnk oddnes...?
Re-write the graphical subsystem to use strictly vectored screen elements. This is a huge boon to developers - any GUI programmer can tell you what a pain it is thinking about how your application will look at 800x600, at 1600x1200, etc. Will that panel here look funny since it will 99% empty at 1600x1200? Sure different programming enviornments will physically scale the interface for you, but how will it look, feel, and work? Enter Avalon, MS's solution. Screen elements will stay the same size while you increase resolution, but your workspace will gain resolution and capability. All of the sudden you can edit a large image in Photoshop on your high-resolution monitor without all the widgets becoming microscopic. How long would it take for the FOSS world to replicate this? X is completely widget agnostic.
Again. You sure have point but you missing some things. Such implementation has little to do with X themselves - it will be rather handled by toolkit +X extensions. And these extensions are here. Next version of XOrg is comming due to september. And that is only the begining. You have also java3d, svg (and SVG is already used on X desktop) - all this technologies are Open Source. So it is not like nothing new here in Linux, especialy when you compare to f.e. what was here one or two years ago. And MS is probably backing with Avalon also...
In fact we got better memory management. New kernel, faster system, and some aditional services and management (think for system administrators) capabilities. Oh, and it looks the same and runs faster when you apply few *.reg files on it. XP is quite cool, and I write it using Fedora Core? Sick?
I would go further and simply disable super-user (aka root, aka Administrator) account - there is no need to use it on daily basis. Only thing users need are convinient frontends for installing software and configuring the system. They just need to click on software (or hardware) manager and click it when he needs to add software - meaning no need to run everything (think MSIE) as super user, only selected (and allowed by vendor) components that actually need it. It is funny that MS has pattented "sudo-like service" but their's own RunAs service sucks ass very much... I like (from users point of view) the fashion this is treated f.e. in Fedora, set of PAM's and userhelpers and you can do anything just knowing root password and running as normal user, it even remembers root password for session (AFAIR 15 min.) - now try to configure Windows system without loging for entire sesion as Administrator...
IBM Dev Pages had an interesting view on this. Althougt it is more for desktop setups (system boots faster - who needs that?). But still it is IMO interesting: Boot Linux Faster.
2. - ltfp is a CLIENT not server.
3. - this fix very uncommon situation when you're using mod_rewrite with 8 or more regexp pattern.
4. - this not an security patch (it may cause kernel crash under some rare circumstances (specific hardware) but not remotely exploitable, not sec bug).
Everything else u mention is plain bullshit to me. Security is not about counting how many flaws were FIXED. Security is a constant process of applying patches, etc. Applying patches on Windows is still (bit less then before but still) a serious pain in the ass.