>Similarly signing an employment contract with the >company you work for is not "basically the same" as >the "All rights reserved." notice printed on a >compact disc you buy.
Being rejected by a potential employer because you are too great a risk, having the conflicts of interest that come from signing agreements with competitors, comes to mind as a possible reason to want to avoid signing any NDA or certain kinds of licenses.
"My wife is in College and has a lot of term papers to write and share with other student groups for her projects. She is able to do all of this with Open Office by converting to.doc formats without incidents."
My S.O. is a biochemistry researcher, and despite having made sincere efforts to use OO, it has fallen short of meeting her needs. The word processor is fine, actually, but the problems begin with advanced functionality of the spreadsheet, they escalate with integration difficulties between OO apps, and they stop cold with the presentation program being nowhere near a reasonable substitute for powerpoint.
Just one experience, and I'm sure the product has improved significantly since 1.1.2, but there it is. A power user, a true geek, someone who was highly motivated to make it work, couldn't.
OO is a fine word processor, but that's not the whole picture. I've also heard arguments that people don't use many features of the word processor. Well, in a previous career, I was the person who did indeed use pretty much every damn feature of WP5.1, including some quite esoteric things that only legal secretaries probably ever touch. I suspect the claims are made by people who don't know what they are talking about.
On the other hand, OO is pretty complete. But the experience was pretty bad; large datasets linked to complex graphs embedded in a document and a presentation, tended to go to shit; whereas the same tasks were no problem in MS Office. This observation comes from dyed-in-the-wool microsoft-hating geeks who would *really* have liked the results to be different (and who don't have the time or ability to contribute to the OO project to make it better.)
"Each person has to make up their mind- do I want Linux to be a mainstream technology, or do I want it to be the exclusive preserve of a tiny geek-clique?"
There's a mistaken reality assumption here. You seem to be holding on to some notion that there can be any control of Linux other than what the GPL ensures.
The choice you suggest can no longer be made! The Genie is Out of the Bottle!
I was in my hometown taking care of some business at my family's farm. One afternoon our fuel truck driver started telling me all about Linux. Obviously he understood that I was something of a computer geek (as was he, just a different part of the spectrum), and that I'd understand.
I didn't let on to him just how much I understood, because I wanted to see how far he'd gotten. (In case it's not obvious, I've been involved with linux since 0.99, long enough that I've stopped counting the years.)
Turns out, this total country bumpkin, completely uneducated guy (I'm not really being unkind here, he'd describe himself this way), has fully embraced linux as something of a salvation for the common man. It allows him to make use of the computers that get kicked down as city people throw out their old stuff, and he sets them up to browse the web and do email, and as a result, people in my hometown are *wired*. And *I* didn't have to do anything to make it happen!
There's even what I'd call a grassroots initiative to have shared broadband. Thanks to our fuel truck driver's efforts, folks are connected and aware of Linux, and are even savvy enough to be forgiving of, and avoid, its limitations, like the tricky details of modem support and that you are lucky if a certain wireless card works.
I doubt this experience is unique. In fact, I imagine that similar things are happening all over the place. The things that city people (like me) take for granted (like disposable income) aren't always taken for granted at all by country people. I have a good perspective on both ways of life, since I grew up on a farm, but I live in the city and have an engineering job (and firmly entrenched in the city life, believe me), and I'm also still involved in the business of operating my family's farm.
But I never expected someone from that end to come to me, to try to tell ME all about how great Linux is. He even burned a linspire disc for me, which I must admit, was something I'd never seen before.
And now I feel a little guilty, because I never even took that disc out of my bag, much less booted it to see for myself.
I've dabbled with things like a read-only / and/usr with a tmpfs/tmp and mounted homes (also nfs home), and it's been interesting, but I haven't really stuck to it or standardized it.
"Basically, his point is that users care about their data and running as root vs not offers no such protection."
He seems to only be considering "protection from himself" and "protection from unknown parties", but he's missing the more common modes. Especially, "protection of privacy from casual, or even accidental, exposure to a peer/co-worker/family memeber".
I can turn people loose on my laptop with a high degree of confidence that they won't read or delete my mail spool, use my ssh keys, etc. I can hand it to them, say "login as wizard pasword not4u" and walk away, without the slightest worry that anything that would rather be private will not remain private.
What's more, I can put quotas and ulimits on that user, and any number of restrictions (or special privilegss) also. And it's all very easy, and very secure. I'm not talking about the FBI being the casual user, mind you, or anyone who is highly motivated to screw me over. I know for a fact that my laptop is vulnerable to the attack of removing the drive and mounting it elsewhere, or even simply booting a CDRom. But I could fix those holes as well, if I were so motivated.
What was my point? I don't know, but I don't give half a crap what people do with their computers, as long as they don't come crying to me when they ignored (or didn't seek) my advice, and it bit them.
Sometimes I think some people WANT to "get hacked" or "get a virus." It makes them feel important and gives them something to complain about. More than one person I know has used it as an excuse to upgrade a perfectly good PC. On one hand, it's sad that spyware can be a sufficient aggravation for someone to simply walk away from a perfectly good, recent, high-spec PC. On the other hand, it's important to realize that sometimes they just needed the excuse to get a new one.
"I mean you need to type the root password just to connect your modem"
You need admin privileges to change the mode of a device node, or to assign suexec on software that uses a device node. Good. Use escalated privileges to fix that. An argument for allowing routine root logins? I think not.
> or change the clock time
You need admin privileges to alter the clock time. Something that should be done periodically as an automated task anyway. Good.
>Is this really necessary on a single user >desktop?
Is a single user desktop really the norm? If so, do whatever you want. But please don't try to apply the same parameters to anything other than that particular degenerate case. Even home computing is more often than not multi-user.
sudo is the solution to your problem; grant temporary privilege escalation to specific users in specific context, complete with logging and the ability to revoke the privileges, and never any need to share the root password.
It works in my shop, which is a significant real-world multiplatform environment with billions of dollars of assets and high liability for data integrity, and it will work for you.
Here's the thing, though. That command shouldn't work as a regular user, either. So it's really "sudo rm/var/log/*.gz", the -rf is really the big problem here, not root.
Also, this should be done as part of a find command, and even better, as an automated process that deletes the files after archiving them and validating the archive.
Either your system and your data is important (or valuable), or it isn't.
"The most valuable thing on my computer is probably the user name and password to my internet banking facility"
If you stored that anywhere except in your head, your problems are not related to technology, but in your use of it.
That said, I myself keep similar things on a gpg-encrypted file on a keychain usb thingy, and everything needed to recover it except the private key and the passphrase are stored on that keychain.
I understand the risk of copying this encrypted file, e.g., putting it in public places, and that is the level of risk I'm comfortable with.
On the other hand, I would be no less comfortable with this arrangement if there are "root" users or anyone else with access to it. Deleting it is another story, of course.
When I hear that 2048-bit gpg is being casually cracked by people seeking access to nickle-and-dime bank accounts, I'll change my risk quotient.
"1) The end user of Linspire is most probably a windows user trying to switch to something cheaper. The odds of Linspire being heavily used in a multiuser environment are bleak at best."
Bleak? Single computer system for a family with two or more members? Seems like a common enough scenario! Even the most basic voice mail plans arrange for several users to each have a separate mailbox with a different password. This belongs in the same category!
Of course, I do appreciate that even with a slight clue, Linspire can be configured with a proper getty and/or xdm, users, even a file system with ACLs etc.
For your example, "/etc/", sure you could configure rm to know about it. But how does it know what's critical and what's not? This is a wide open system, and to introduce constraints for the kind of safety you'd like, will also limit the flexibility of the system.
It's easy to identify boundary cases, such as, "deleting / shouldn't be possible", but everything else is difficult.
But a far more important element to "root" versus "user" is the fact that resource limits can be placed on users, that can't be placed on root. In my opinion this is being overlooked in the discussion, as is the whole notion of privacy among users of the system, or the ability of the user to hand over the keyboard to someone that he does not have to trust especially well.
How can two mild adversaries use the same computer if they can't even nominally invoke some kind of privacy among each other? I don't mean "user versus hacker" here, I'm taking about maybe employees in the same role (who might compete), members of a family (who might have very good reasons to need privacy), or students (who might have ethical considerations).
Privacy and security don't have to be "all or nothing" considerations, but often it seems only the worst-case scenarios are ever considered (e.g., breaking in, theft, etc.). There are tons of reasons for security to exist that don't require such extreme scenarios to be reasonable.
"So, if YOU were ELECTED to the United States Senate, and were entrusted with the power of your office, to protect your constituents, and you requested to see Area 51 and were denied, you would be okay with that?"
Of course. I'd be quite alarmed if my status as a mere member of the Senate were to supersede the security structure of the military.
The Senator is no more or less a "civilian" than any of his constituents, unless of course he is *also* military personnel.
Your argument presupposes that there is a secret coverup conspiracy related to "Area 51", which is a premise that relatively few people seriously accept.
After all, everybody knows the aliens and the spacecraft were moved to Area 52.
I didn't know that. They did take F's on some missions, didn't they? Anyway, that Hasselblad *Definitely* doesn't deserve to be labled "shitty" (and the photos from the missions are excellent by anybody's standards, and we shouldn't be feeding the troll anyway.)
"How secret is it, not even you elected Senators can gain access."
Civilians are normally denied access to secure military areas. I'm sure your Senator wouldn't be allowed to wander around the Pentagon either, but I can't regard this as evidence of a big secret conspiracy.
" I wish that NASA of today was as exciting and had the same respect as back then."
Those of us who were around back then remember it being no less controversial, with just as much skepticism, and the same low regard from the Republicans over a program that was pressed by Democrats.
The main mitigating factor was the idea that the space program would help stem the tide of Communism.
The space age had an enormous impact on popular culture, but the politics were pretty much the same.
Large businesses get vendors like Microsoft tripping over their own feet to negotiate a site license.
One joint-marketing venture agreement later, and you get the situation we once had:
Each of our Sun servers and Mac workstations had a Windows license. I am deadly serious. It sort-of made sense that the folks with Linux desktops had Windows licenses, since they all started life as mass-deployed Dell Optiplexes. But the terms of the license apparently covered every computer system in the shop, even those that were not Intel-based, which meant lots of Macs, and a whole data center full of UltraSparcs.
"Is there a motherboard on the consumer market within a reasonable price range ($1000, maybe?) that can actually, physically take 64+ gigs of ram?"
There are lots of dual Xeon boards that take 64GB. The trick is finding the chips. A $375 board that needs two $300 chips is one thing. $20,000 in RAM chips takes it to the next level...
"Filesystem calls are a pimple compared to the mountain of disk seeks required if access paterns to the database are random. "
There are no physical seeks if the backing store is RAM instead of disks, at which point the fsio calls start to be more significant. I think that was the point the OP was making.
On the other hand, it may be much simpler to write an optimized fsio than to try to mess with memory management.
>Similarly signing an employment contract with the
>company you work for is not "basically the same" as
>the "All rights reserved." notice printed on a
>compact disc you buy.
Being rejected by a potential employer because you are too great a risk, having the conflicts of interest that come from signing agreements with competitors, comes to mind as a possible reason to want to avoid signing any NDA or certain kinds of licenses.
"My wife is in College and has a lot of term papers to write and share with other student groups for her projects. She is able to do all of this with Open Office by converting to .doc formats without incidents."
My S.O. is a biochemistry researcher, and despite having made sincere efforts to use OO, it has fallen short of meeting her needs. The word processor is fine, actually, but the problems begin with advanced functionality of the spreadsheet, they escalate with integration difficulties between OO apps, and they stop cold with the presentation program being nowhere near a reasonable substitute for powerpoint.
Just one experience, and I'm sure the product has improved significantly since 1.1.2, but there it is. A power user, a true geek, someone who was highly motivated to make it work, couldn't.
OO is a fine word processor, but that's not the whole picture. I've also heard arguments that people don't use many features of the word processor. Well, in a previous career, I was the person who did indeed use pretty much every damn feature of WP5.1, including some quite esoteric things that only legal secretaries probably ever touch. I suspect the claims are made by people who don't know what they are talking about.
On the other hand, OO is pretty complete. But the experience was pretty bad; large datasets linked to complex graphs embedded in a document and a presentation, tended to go to shit; whereas the same tasks were no problem in MS Office. This observation comes from dyed-in-the-wool microsoft-hating geeks who would *really* have liked the results to be different (and who don't have the time or ability to contribute to the OO project to make it better.)
"Each person has to make up their mind- do I want Linux to be a mainstream technology, or do I want it to be the exclusive preserve of a tiny geek-clique?"
There's a mistaken reality assumption here. You seem to be holding on to some notion that there can be any control of Linux other than what the GPL ensures.
The choice you suggest can no longer be made! The Genie is Out of the Bottle!
I was in my hometown taking care of some business at my family's farm. One afternoon our fuel truck driver started telling me all about Linux. Obviously he understood that I was something of a computer geek (as was he, just a different part of the spectrum), and that I'd understand.
I didn't let on to him just how much I understood, because I wanted to see how far he'd gotten. (In case it's not obvious, I've been involved with linux since 0.99, long enough that I've stopped counting the years.)
Turns out, this total country bumpkin, completely uneducated guy (I'm not really being unkind here, he'd describe himself this way), has fully embraced linux as something of a salvation for the common man. It allows him to make use of the computers that get kicked down as city people throw out their old stuff, and he sets them up to browse the web and do email, and as a result, people in my hometown are *wired*. And *I* didn't have to do anything to make it happen!
There's even what I'd call a grassroots initiative to have shared broadband. Thanks to our fuel truck driver's efforts, folks are connected and aware of Linux, and are even savvy enough to be forgiving of, and avoid, its limitations, like the tricky details of modem support and that you are lucky if a certain wireless card works.
I doubt this experience is unique. In fact, I imagine that similar things are happening all over the place. The things that city people (like me) take for granted (like disposable income) aren't always taken for granted at all by country people.
I have a good perspective on both ways of life, since I grew up on a farm, but I live in the city and have an engineering job (and firmly entrenched in the city life, believe me), and I'm also still involved in the business of operating my family's farm.
But I never expected someone from that end to come to me, to try to tell ME all about how great Linux is. He even burned a linspire disc for me, which I must admit, was something I'd never seen before.
And now I feel a little guilty, because I never even took that disc out of my bag, much less booted it to see for myself.
I don't need any permission from a state, or any kind of license to buy a car, have it delivered to my property, and drive it into a wall.
However, I *do* need permission from the state to build the *wall*. How do you like that?
Interesting idea but it sounds very expensive.
/usr /tmp and mounted homes (also nfs home), and it's been interesting, but I haven't really stuck to it or standardized it.
I've dabbled with things like a read-only / and
with a tmpfs
"Basically, his point is that users care about their data and running as root vs not offers no such protection."
He seems to only be considering "protection from himself" and "protection from unknown parties", but he's missing the more common modes. Especially, "protection of privacy from casual, or even accidental, exposure to a peer/co-worker/family memeber".
I can turn people loose on my laptop with a high degree of confidence that they won't read or delete my mail spool, use my ssh keys, etc. I can hand it to them, say "login as wizard pasword not4u" and walk away, without the slightest worry that anything that would rather be private will not remain private.
What's more, I can put quotas and ulimits on that user, and any number of restrictions (or special privilegss) also. And it's all very easy, and very secure. I'm not talking about the FBI being the casual user, mind you, or anyone who is highly motivated to screw me over. I know for a fact that my laptop is vulnerable to the attack of removing the drive and mounting it elsewhere, or even simply booting a CDRom. But I could fix those holes as well, if I were so motivated.
What was my point? I don't know, but I don't give half a crap what people do with their computers, as long as they don't come crying to me when they ignored (or didn't seek) my advice, and it bit them.
Sometimes I think some people WANT to "get hacked" or "get a virus." It makes them feel important and gives them something to complain about. More than one person I know has used it as an excuse to upgrade a perfectly good PC. On one hand, it's sad that spyware can be a sufficient aggravation for someone to simply walk away from a perfectly good, recent, high-spec PC. On the other hand, it's important to realize that sometimes they just needed the excuse to get a new one.
"I mean you need to type the root password just to connect your modem"
You need admin privileges to change the mode of a device node, or to assign suexec on software that uses a device node. Good. Use escalated privileges to fix that. An argument for allowing routine root logins? I think not.
> or change the clock time
You need admin privileges to alter the clock time. Something that should be done periodically as an automated task anyway. Good.
>Is this really necessary on a single user >desktop?
Is a single user desktop really the norm? If so, do whatever you want. But please don't try to apply the same parameters to anything other than that particular degenerate case. Even home computing is more often than not multi-user.
sudo is the solution to your problem;
grant temporary privilege escalation to specific users in specific context, complete with logging and the ability to revoke the privileges, and never any need to share the root password.
It works in my shop, which is a significant real-world multiplatform environment with billions of dollars of assets and high liability for data integrity, and it will work for you.
> Tell me why I care?
Does it need to be explained to you why you shouldn't litter in the park, or fart on a crowded elevator too? Similar principle.
> rm -rf
Here's the thing, though.
That command shouldn't work as a regular user, either. So it's really "sudo rm
the -rf is really the big problem here, not root.
Also, this should be done as part of a find command, and even better, as an automated process that deletes the files after archiving them and validating the archive.
Either your system and your data is important (or valuable), or it isn't.
For most Linspire users, maybe "it isn't."
"All I have to say is that running a Gentoo install while completely drunk is extremely entertaining, even if extremely hazardous for your health."
It's impressive that your metabolism allows you to remain "completely drunk" for that long!
"The most valuable thing on my computer is probably the user name and password to my internet banking facility"
If you stored that anywhere except in your head, your problems are not related to technology, but in your use of it.
That said, I myself keep similar things on a gpg-encrypted file on a keychain usb thingy, and everything needed to recover it except the private key and the passphrase are stored on that keychain.
I understand the risk of copying this encrypted file, e.g., putting it in public places, and that is the level of risk I'm comfortable with.
On the other hand, I would be no less comfortable with this arrangement if there are "root" users or anyone else with access to it. Deleting it is another story, of course.
When I hear that 2048-bit gpg is being casually cracked by people seeking access to nickle-and-dime bank accounts, I'll change my risk quotient.
"1) The end user of Linspire is most probably a windows user trying to switch to something cheaper. The odds of Linspire being heavily used in a multiuser environment are bleak at best."
Bleak? Single computer system for a family with two or more members? Seems like a common enough scenario! Even the most basic voice mail plans arrange for several users to each have a separate mailbox with a different password. This belongs in the same category!
Of course, I do appreciate that even with a slight clue, Linspire can be configured with a proper getty and/or xdm, users, even a file system with ACLs etc.
For your example, "/etc/", sure you could configure rm to know about it. But how does it know what's critical and what's not? This is a wide open system, and to introduce constraints for the kind of safety you'd like, will also limit the flexibility of the system.
It's easy to identify boundary cases, such as, "deleting / shouldn't be possible", but everything else is difficult.
But a far more important element to "root" versus "user" is the fact that resource limits can be placed on users, that can't be placed on root. In my opinion this is being overlooked in the discussion, as is the whole notion of privacy among users of the system, or the ability of the user to hand over the keyboard to someone that he does not have to trust especially well.
How can two mild adversaries use the same computer if they can't even nominally invoke some kind of privacy among each other? I don't mean "user versus hacker" here, I'm taking about maybe employees in the same role (who might compete), members of a family (who might have very good reasons to need privacy), or students (who might have ethical considerations).
Privacy and security don't have to be "all or nothing" considerations, but often it seems only the worst-case scenarios are ever considered (e.g., breaking in, theft, etc.). There are tons of reasons for security to exist that don't require such extreme scenarios to be reasonable.
> I don't know why people even use linspire.
I cannot explain the phenomenon that I have witnessed, but for many people, Linspire appears to be the first and last contact they have with Linux.
I don't understand it, but I've seen it with my eyes.
>You read that right. You want to do something that
>requires root access?
>
>sudo.
Okay,
$ sudo bash -login
# su - owen
$
"Rather than criticising me for making an argument I haven't done, why not read the last paragraph of my comment."
I apologize - I'm really addressing the widespread misconception that's constantly repeated, not your comments.
I get real tired of hearing about how some legal milestone hasn't been passed by the GPL, when the same standard isn't held against other licenses.
"So, if YOU were ELECTED to the United States Senate, and were entrusted with the power of your office, to protect your constituents, and you requested to see Area 51 and were denied, you would be okay with that?"
Of course. I'd be quite alarmed if my status as a mere member of the Senate were to supersede the security structure of the military.
The Senator is no more or less a "civilian" than any of his constituents, unless of course he is *also* military personnel.
Your argument presupposes that there is a secret coverup conspiracy related to "Area 51", which is a premise that relatively few people seriously accept.
After all, everybody knows the aliens and the spacecraft were moved to Area 52.
I didn't know that. They did take F's on some missions, didn't they? Anyway, that Hasselblad *Definitely* doesn't deserve to be labled "shitty" (and the photos from the missions are excellent by anybody's standards, and we shouldn't be feeding the troll anyway.)
"How secret is it, not even you elected Senators can gain access."
Civilians are normally denied access to secure military areas. I'm sure your Senator wouldn't be allowed to wander around the Pentagon either, but I can't regard this as evidence of a big secret conspiracy.
> how come the camera's they took with them are all
> so shitty?
A Nikon F wasn't shitty then, and it's not at all bad today.
Since everybody is scrambling for digital cameras and nobody cares about film anymore, you can get great cameras and lenses for cheap now.
" I wish that NASA of today was as exciting and had
the same respect as back then."
Those of us who were around back then remember it being no less controversial, with just as much skepticism, and the same low regard from the Republicans over a program that was pressed by Democrats.
The main mitigating factor was the idea that the space program would help stem the tide of Communism.
The space age had an enormous impact on popular culture, but the politics were pretty much the same.
Large businesses get vendors like Microsoft tripping over their own feet to negotiate a site license.
One joint-marketing venture agreement later, and you get the situation we once had:
Each of our Sun servers and Mac workstations had a Windows license. I am deadly serious. It sort-of made sense that the folks with Linux desktops had Windows licenses, since they all started life as mass-deployed Dell Optiplexes. But the terms of the license apparently covered every computer system in the shop, even those that were not Intel-based, which meant lots of Macs, and a whole data center full of UltraSparcs.
"Is there a motherboard on the consumer market within a reasonable price range ($1000, maybe?) that can actually, physically take 64+ gigs of ram?"
There are lots of dual Xeon boards that take 64GB.
The trick is finding the chips. A $375 board that needs two $300 chips is one thing. $20,000 in RAM chips takes it to the next level...
"Filesystem calls are a pimple compared to the mountain of disk seeks required if access paterns to the database are random. "
There are no physical seeks if the backing store is RAM instead of disks, at which point the fsio calls start to be more significant. I think that was the point the OP was making.
On the other hand, it may be much simpler to write an optimized fsio than to try to mess with memory management.