I like (open source product), but find that it is an utterly useless peice of crap because of (flaw which has existed since the begining of time and the developers seem completely uninterested in correcting). I could learn (the language it is written in), and read through the code until I understand everything that's going on, and may some day. But for now, my best bet is to find other (poor saps) to use (the open source product) and hope that the developers will be flooded with so many complaints that they (correct the flaw and/or kill themselves)
as linux grows more popular, distributing source code for absolutely every driver for and varient of the linux kernel in one allmighty tar makes less and less sense. Who could have possibly guessed the wild notion of inf != fin? So, keep the current menuconfig (it's wonderful), but instead of distributing absolutely everything in one packages, have it download what additional things it needs based on if people ask for them.
You know, I dont need the drivers for the in-house printer IBM used in 1927 either, why not complain about that(*such) being included?
are you completely aware that someone not running as root can easily be a spam portal full of IRC bots? My solution isnt "run as someone with no access to anything". I think I said in another post (though it may have been a rant on IRC) that you pretty much always want whatever you're working with to have all the access required to completely destroy everything you care about. You just dont want it to actually do that. Whether some program is able to carry out its nefarious port 99- scheme once I'm infected, I could really not give a flying fuck about. Being infected, that I care about.
and the counter to that, which is still counter to yours:
If you dont touch my data, why the fuck should I care? My data is the only thing which I can't instantly restore within ten minutes. My data, the stuff _I_ created, I would have to go back and re-create. Why should I care about system files? In an hour or less I could set up my system to wipe itself and copy a fresh system image on Every Boot. (using a ROM boot disk), saving nothing but the home directory. Oh nos! the home directory is owned by root! This is different from a home directory owned by someone else how? In that when I open a shell, slightly differet trojans may attack? I'm really no less fucked than if something got into a regular user's directory.
Security is important. Very important. Root vs User has absolutely NOTHING to do with security on a single-user machine.
Firstly: That is a reason for others to discourage the use of root. That is not a reason for me, as a user, to not run as root. I am talking in terms of what the user cares about. There is no reason for the USER to be concerned about that.
Secondly: That is also more an argument for external firewalls. You should never have your network protected only by rules on the box you're trying to protect.
Thirdly: spammers don't require root. Specific spammers require root for specific transport methods due to specific outdated conventions which make no sense at all in a desktop environment.
The thoughts themselves: Sure, you dont want someone to gain root access, but you don't actually want them to have any access at all. If due to a convention that you've compiled in, blocking root access means making a handful of specific exploits not be able to work once you've already been infected, that's not really such a great thing to shoot for- You're still just as infected, and the infection is what you (as a user) want to avoid. Who cares about the effect (as a user, not as a peer of the infected)? You're still just as fucked if someone gains access as non-root, even if a handful of people wont be interested. Hey, if I compiled in an option that said you needed to be logged in as micheal in order to access the ports I use for DCC send, I could block anything which uses those from being useful after I'm infected.. and if I block the ports I use for printing if you're not logged in as bixbie... and for mysql if you're not logged in as bilbzerobaggins...
To clarify: I make no reccomendation that my posts not be modded down. However, I believe that if you had read the fucking article, it would be less likely for such a thing to be considered in the first place. It should be obvious, as it was explicitely stated, that if you/had/ read the fucking article, the "read the fucking article" directive would not apply. "Comprehend the fucking article", perhaps?:)
and if anything goes wrong with their system, be it their user directory deleted or a failed peice of hardware, they take it to a service center which says "yeah, that's due to a defect in the hardware, here's a new one" and the old one is RMAd. You know, because it's defective.
Slow down, cowboy! You seem to be capable of writing a short reply to a short reply in under an hour! What the hell are you on? Abusing methamphedamines can make you see CRAAAzzzzYY shit and will make you think these sort of limits kicking in after ONE post is a good idea!
on any multi-user environment, you're already running multiple users. In a single-user environment, you might as well run as root. Anyone (you, or something pretending to be you) can make a file called "ls" in/tmp. If this you is a user-account, it can completely trash everything you care about. If this you is actually root, it can not only trash everything you care about, but also trash a bunch of things you care nothing about! And it can even open a back door in two fewer lines of C than if it didnt have root, using methods which people who attack desktop systems dont care about too much anymore because it's not as efficient to control!
This is exactly what I am talking about. For a desktop system, a single-user environment, USER ACCOUNTS ARE STUPID. Not the dummy accounts with no access which various services run as (eg: mysql only has access to its DBs and nothing else), those are important. But the USER of the computer. In an environment where heshe is the only user (true in 99.999% of cases- wastefulness debates being an unrelated issue), there is no reason at all to not run as root. For exactly the reasons mentioned in the article: Nobody gives a flying crap about anything they dont have write access to. Why? Because the things they dont already have write access to, they did not write. If they did not write them, they were written by someone else, and can be EASILY REPLACED. This is debian based. Something fucked up? Oh nos! apt-get install and happy new year.
We are not talking about a vast multi-user network on a secure system. We are talking about a desktop. A single person who wants to read e-mail. When shit happens, it can do just as much damage with a user account as it can without one.
"But... Hardware!"
If your hardware can be broken by saying not-nice things to it, that is a bug in the hardware. That is not something to be corrected by disallowing things from talking wrong. Why in the almighty fuck would you put up with hardware which dies if it is sent the "die now" command? This isnt the CIA, here.
magical metaphor land: A man is known to kill people whenever someone says "hello!" instead of "knickerbockey boingydoo". Do you: lock him away and stare at him through a tiny hole forever, or: tell everyone in the universe that greetings will now be handled by a password-locked greeting machine whereby pushing the big green button will always produce the greeting "knickerbockeyboingydoo!" and attempting to give a greeting all by yourself will result in an error.
back to reality: I dont use root because I prefer to see the word "shruggar" everywhere.
that does seem like kind of the point, right? The person who sells Verizon's land-based products thinks Verizon's wireless products shouldnt work well enough to put Verizon's land-based products out of use. Can't this be summed up as "Verizon wants you to buy two bad services instead of one good service"?
I'm just not going to get a Verizon phone, then. If the CEO is running around saying explicitely that he doesnt think cell phones should work in my house, I guess I'll use some other company. I think my cell phone should work in my house. I'll be getting one next week.
oh, okay, should I explicitely say "unbroken HTML" and "correctly compressed JPG"?
I dont like huge unreadable PDFs containing nothing but a poorly scanned image either, but a JPG would at least be smaller and can be read without special software. (when I say "JPG" I just mean for all those scanned documents which are available only as PDF. There is no sense in that.)
Yeah, broken HTML.. uh,, isnt a good thing. I also dislike it when I'm walking somewhere and get hit by a bus. How is this relevent? PDFs can be broken too..
And a "which sucks more" contest between.doc and.pdf is pointless. They both suck. HTML is a valid alternative to both in every case in which either could be used.
If you dont like ads, dont view the content. You are not being forced to look at any ads, you are choosing to look at a website which contains both ads and content. If the ads are visible to you, I have no problem with your deciding you have no interest in the product.
I'm not trying to bait any flames here, even though whenever I say this, I get flamed for it. I think it's revelent, I think it needs to be said. If you strip ads when viewing a website, you are stealing. It is theft.
Theft is taking something from someone else which does not belong to you. If you strip ads, you are stealing my bandwidth, proccessing time, etc. You are gaining the benifits of it and not giving me anything in return.
Please note that I did not mention law at all. I am not saying anything about it being illegal. It is NOT illegal. It should not be illegal. There should never be anything attempting to make anything like it illegal. It is still theft.
I dont care if you agree or not. But if you disagree, stay off my sites.
A horrible tool for reading the most over-used document format ever (insert long argument about which is more over-used: pdf or doc, below) is now available to more people! Yay!
As someone who is not in the publishing business, I have seen maybe two instances where the use of PDF made sense over alternatives like [fucking] HTML or [fucking] JPG.
Please, people, if you dont actually need the exact layout to be preserved, like for instance in absolutely any user manual, refrence manual, any type of manual, a book in general, any form of text document, pretty much anything at all that you're likely to want others to see: Stop using PDF.
Hello, I invented a new kind of shoe that is shaped differently from regular shoes and so allows more comfort and a better stride. I make these shoes a lot, so I found that my butt was getting sore from sitting down at my bench all day. That's why I strapped a peice of foam to my bench. I enjoy the bench much more now, and reccomend all in similar positions also strap foam to their benches. It makes for a much better place to sit.
If you think that's off-topic you didnt read it right.
I'm annoyed by MSVS's "hit cancel to enter debugging", I usually reflexively hit cancel on any dialog boxes with the option, because anything I'm working on I tend not to care enough about to proceed with anything if there's a fatal error. If there's an error, I want to CANCEL whatever I'm doing.
Slashdot Mirror
I like (open source product), but find that it is an utterly useless peice of crap because of (flaw which has existed since the begining of time and the developers seem completely uninterested in correcting). I could learn (the language it is written in), and read through the code until I understand everything that's going on, and may some day. But for now, my best bet is to find other (poor saps) to use (the open source product) and hope that the developers will be flooded with so many complaints that they (correct the flaw and/or kill themselves)
I used to see this kind of thing all the time, but I dont anymore. I assumed this kind of thing was why :)
really? I could have sworn that signature agreed to the terms printed on the card below, reading "...by signing this, agrees to all terms..."
when you put a DVD in, it says that the government provides SEVERE penalties for copying the disc.
If that wasnt enough to make you go buy a gun and shoot every government official dead, you dont deserve democracy.
as linux grows more popular, distributing source code for absolutely every driver for and varient of the linux kernel in one allmighty tar makes less and less sense. Who could have possibly guessed the wild notion of inf != fin?
So, keep the current menuconfig (it's wonderful), but instead of distributing absolutely everything in one packages, have it download what additional things it needs based on if people ask for them.
You know, I dont need the drivers for the in-house printer IBM used in 1927 either, why not complain about that(*such) being included?
are you completely aware that someone not running as root can easily be a spam portal full of IRC bots?
My solution isnt "run as someone with no access to anything". I think I said in another post (though it may have been a rant on IRC) that you pretty much always want whatever you're working with to have all the access required to completely destroy everything you care about. You just dont want it to actually do that.
Whether some program is able to carry out its nefarious port 99- scheme once I'm infected, I could really not give a flying fuck about. Being infected, that I care about.
and the counter to that, which is still counter to yours:
If you dont touch my data, why the fuck should I care? My data is the only thing which I can't instantly restore within ten minutes. My data, the stuff _I_ created, I would have to go back and re-create.
Why should I care about system files? In an hour or less I could set up my system to wipe itself and copy a fresh system image on Every Boot. (using a ROM boot disk), saving nothing but the home directory.
Oh nos! the home directory is owned by root!
This is different from a home directory owned by someone else how? In that when I open a shell, slightly differet trojans may attack? I'm really no less fucked than if something got into a regular user's directory.
Security is important. Very important. Root vs User has absolutely NOTHING to do with security on a single-user machine.
Firstly: That is a reason for others to discourage the use of root. That is not a reason for me, as a user, to not run as root. I am talking in terms of what the user cares about. There is no reason for the USER to be concerned about that.
Secondly: That is also more an argument for external firewalls. You should never have your network protected only by rules on the box you're trying to protect.
Thirdly: spammers don't require root. Specific spammers require root for specific transport methods due to specific outdated conventions which make no sense at all in a desktop environment.
The thoughts themselves:
Sure, you dont want someone to gain root access, but you don't actually want them to have any access at all. If due to a convention that you've compiled in, blocking root access means making a handful of specific exploits not be able to work once you've already been infected, that's not really such a great thing to shoot for- You're still just as infected, and the infection is what you (as a user) want to avoid. Who cares about the effect (as a user, not as a peer of the infected)?
You're still just as fucked if someone gains access as non-root, even if a handful of people wont be interested. Hey, if I compiled in an option that said you needed to be logged in as micheal in order to access the ports I use for DCC send, I could block anything which uses those from being useful after I'm infected.. and if I block the ports I use for printing if you're not logged in as bixbie... and for mysql if you're not logged in as bilbzerobaggins...
To clarify: I make no reccomendation that my posts not be modded down. However, I believe that if you had read the fucking article, it would be less likely for such a thing to be considered in the first place. It should be obvious, as it was explicitely stated, that if you /had/ read the fucking article, the "read the fucking article" directive would not apply. :)
"Comprehend the fucking article", perhaps?
and if anything goes wrong with their system, be it their user directory deleted or a failed peice of hardware, they take it to a service center which says "yeah, that's due to a defect in the hardware, here's a new one" and the old one is RMAd. You know, because it's defective.
Slow down, cowboy! You seem to be capable of writing a short reply to a short reply in under an hour! What the hell are you on? Abusing methamphedamines can make you see CRAAAzzzzYY shit and will make you think these sort of limits kicking in after ONE post is a good idea!
on any multi-user environment, you're already running multiple users. In a single-user environment, you might as well run as root. Anyone (you, or something pretending to be you) can make a file called "ls" in /tmp. If this you is a user-account, it can completely trash everything you care about. If this you is actually root, it can not only trash everything you care about, but also trash a bunch of things you care nothing about! And it can even open a back door in two fewer lines of C than if it didnt have root, using methods which people who attack desktop systems dont care about too much anymore because it's not as efficient to control!
rm -rf ~
Hey look, the system is screwed up the exact same amount, as far as absolutely anyone at all cares.
This is exactly what I am talking about. For a desktop system, a single-user environment, USER ACCOUNTS ARE STUPID.
Not the dummy accounts with no access which various services run as (eg: mysql only has access to its DBs and nothing else), those are important.
But the USER of the computer. In an environment where heshe is the only user (true in 99.999% of cases- wastefulness debates being an unrelated issue), there is no reason at all to not run as root. For exactly the reasons mentioned in the article: Nobody gives a flying crap about anything they dont have write access to.
Why?
Because the things they dont already have write access to, they did not write. If they did not write them, they were written by someone else, and can be EASILY REPLACED. This is debian based. Something fucked up? Oh nos! apt-get install and happy new year.
We are not talking about a vast multi-user network on a secure system. We are talking about a desktop. A single person who wants to read e-mail. When shit happens, it can do just as much damage with a user account as it can without one.
"But... Hardware!"
If your hardware can be broken by saying not-nice things to it, that is a bug in the hardware. That is not something to be corrected by disallowing things from talking wrong. Why in the almighty fuck would you put up with hardware which dies if it is sent the "die now" command? This isnt the CIA, here.
magical metaphor land:
A man is known to kill people whenever someone says "hello!" instead of "knickerbockey boingydoo". Do you: lock him away and stare at him through a tiny hole forever, or: tell everyone in the universe that greetings will now be handled by a password-locked greeting machine whereby pushing the big green button will always produce the greeting "knickerbockeyboingydoo!" and attempting to give a greeting all by yourself will result in an error.
back to reality:
I dont use root because I prefer to see the word "shruggar" everywhere.
Oh no! Not /boot and /etc! How will I ever replace those?!
Thinking of modding me down? You need to RTFA too.
that does seem like kind of the point, right? The person who sells Verizon's land-based products thinks Verizon's wireless products shouldnt work well enough to put Verizon's land-based products out of use. Can't this be summed up as "Verizon wants you to buy two bad services instead of one good service"?
I'm just not going to get a Verizon phone, then. If the CEO is running around saying explicitely that he doesnt think cell phones should work in my house, I guess I'll use some other company. I think my cell phone should work in my house. I'll be getting one next week.
oh, okay, should I explicitely say "unbroken HTML" and "correctly compressed JPG"?
.doc and .pdf is pointless. They both suck. HTML is a valid alternative to both in every case in which either could be used.
I dont like huge unreadable PDFs containing nothing but a poorly scanned image either, but a JPG would at least be smaller and can be read without special software. (when I say "JPG" I just mean for all those scanned documents which are available only as PDF. There is no sense in that.)
Yeah, broken HTML.. uh,, isnt a good thing. I also dislike it when I'm walking somewhere and get hit by a bus. How is this relevent? PDFs can be broken too..
And a "which sucks more" contest between
If you dont like ads, dont view the content. You are not being forced to look at any ads, you are choosing to look at a website which contains both ads and content.
If the ads are visible to you, I have no problem with your deciding you have no interest in the product.
I'm not trying to bait any flames here, even though whenever I say this, I get flamed for it. I think it's revelent, I think it needs to be said.
If you strip ads when viewing a website, you are stealing. It is theft.
Theft is taking something from someone else which does not belong to you.
If you strip ads, you are stealing my bandwidth, proccessing time, etc. You are gaining the benifits of it and not giving me anything in return.
Please note that I did not mention law at all. I am not saying anything about it being illegal. It is NOT illegal. It should not be illegal. There should never be anything attempting to make anything like it illegal. It is still theft.
I dont care if you agree or not. But if you disagree, stay off my sites.
A horrible tool for reading the most over-used document format ever (insert long argument about which is more over-used: pdf or doc, below) is now available to more people! Yay!
As someone who is not in the publishing business, I have seen maybe two instances where the use of PDF made sense over alternatives like [fucking] HTML or [fucking] JPG.
Please, people, if you dont actually need the exact layout to be preserved, like for instance in absolutely any user manual, refrence manual, any type of manual, a book in general, any form of text document, pretty much anything at all that you're likely to want others to see: Stop using PDF.
kthx
Hello, I am a moderator and I dont know how to sort by date. DURRRR
Hello, I invented a new kind of shoe that is shaped differently from regular shoes and so allows more comfort and a better stride. I make these shoes a lot, so I found that my butt was getting sore from sitting down at my bench all day. That's why I strapped a peice of foam to my bench. I enjoy the bench much more now, and reccomend all in similar positions also strap foam to their benches. It makes for a much better place to sit.
If you think that's off-topic you didnt read it right.
now when my teacher says "You just copied this from Encarta. You fail." I can say "no, no, I wrote that article."
No, dont force companies to open their DRM, just make it legal to strip DRM. We want MORE freedom, not LESS.
Dont crush nano before it has a chance to create safegards against itself.
I'm annoyed by MSVS's "hit cancel to enter debugging", I usually reflexively hit cancel on any dialog boxes with the option, because anything I'm working on I tend not to care enough about to proceed with anything if there's a fatal error. If there's an error, I want to CANCEL whatever I'm doing.