Macs actually implement the Wake On LAN standard feature. (sometimes referred to as WOMP, or Wake On Magic Packet) This relies on the computer's ethernet hardware remaining awake while the computer sleeps, and any computer on the LAN can send a special UDP packet containing its ethernet MAC (Machine Address Code, unrelated to MACintosh) to trigger the computer to wake up.
And Apple Macs don't keep their NICs active when the computer is turned off, making WOL mostly useless. For some reason, only Xserves are allowed the special privilege of complete WOL.
I'm writing this post from a non-privileged user account, and I type the admin password 50 times a day for all sorts of installations, configuration settings, etc.
My question is: how (un?)safe is a Windows 7 box running under a non-privileged account?
Reasonably safe, as long as you're typing that admin password to temporarily log in to the admin user, then logging out and logging back in as ordinary user. Don't let any user use UAC, even yourself; that way you can be sure that Malware never tricks you into unlocking UAC (or waiting until you unlock UAC to do its dirty deeds).
some users argue that Twitter 'risks ruining the site if it lets the pursuit of profit interfere with the organic nature of the social network.'
Twitter risks running out of money if it lets the organic nature of the social network interfere with the pursuit of profit. Then how will you tell your friends what color your last bowel movement was? You're Facebook friends with Grandma now, do you think she wants to read that? Wait, old people do talk about that stuff. Carry on.
For random web browsing on assorted sites, boot up from a Linux boot CD. Your entire OS will be in memory, nothing on your HD is touched.
Unplug your HDD too. Otherwise your Linux CD can often mount your drive read/write, and if it has a vulnerable version of FF, you're owned since the default user usually has passwordless sudo privs.
Reminds me that "magician" who was able to win 50% simultaneous chess matches against any number of professional players.
Any number of opponents except one, but he would mitm copy the games verbatim between two players. I suppose that means he would lose an extra one if there was an odd numbered opponent.
*Young man sitting in front of computer screen, sweating and breathing heavily.*
Child's voice: "When I grow up, I want to be a webmaster!"
*camera pans out, showing a very slowly loading web page, complete with errors*
Narrator: "Nobody ever says 'I want to be stuck testing web pages via AOL when I grow up'"
*A CD spins like a coin on a desk*
"When I grow up, I want to be a ballet dancer"
*the CD falls to reveal an AOL logo*
"Don't let AOL get in the way of your dreams"
Ignoring the fact that this is a straw man (I never said install; I said setup and maintenance, of which install is only a small portion of setup)... yes, Windows can be difficult to install. I've had many occasions where NIC drivers didn't exist for a box I was installing windows on, so sneakernet was my only option for driver installation.
Do you drag your knuckles along the ground too?
Seriously? At least now I know you're trolling.
I run a bunch of labs at a local community college however - 200 misc dell Optiplex machines. Some are over 5+ years old (Optiplex 520). Windows 7 installed and runs like a top on every single one of them without me tweaking anything
Bully for you. I bet someone had to tweak ADS to get those lab machines running locked down and to prevent them from sleeping, install MS.msis, etc. Probably someone else? Regarding maintenance, does Windows regularly update all of the software on the system for you, or do you have to apply remote patches for Adobe/foxit/Firefox/whatever, or maybe reimage the labs semi-monthly? With the exception of reboots after kernel updates, there's no reason to touch the *nix machines; they update all of their own software. In fact, you could run a simple cron job to reboot if it detected a new kernel installed and no user processes (just like Windows' automatic update system, except usually only quarterly for kernel updates).
"I can... only three years" so in other words you can't.
Since the general implication is that Linux == never reboot and Windows == reboot weekly if not daily, then I think that 3 years can easily be equated with 5 years. I rarely see more than nine months uptime for most of my Linux boxes. BTW, unless that Linux machine was off of the 'net it was in serious need of a reboot for a kernel update. five years is a long time for a remote exploit (even just DoS from NIC drivers) to potentially not get patched.
I have used Linux systems that where 5 years old and had never been rebooted and you can't say that about windows.
I can. Just 5 years ago, I remember finding a Win98se box hidden behind a cabinet at a major company. Its role was to run a red-light-messageboard. You know the kind: the messages "pass" across a small window spelled out in red lights. It hadn't been on for 5 years, but 3 years straight is pretty good. It wasn't on the network, and IIRC it only had a modem, so I let it do its thing. If Windows isn't *used* (especially on the 'net), then it can be pretty rock-solid.
Why do you rate Windows the worst and Linux the best? What makes Windows so horrible to maintain? All you have to do is pop-in a CD and install. After that the system usually has everything the user needs (web browser, Microsoft Office, etc).
Microsoft Office does _not_ come on the Windows installation DVD. Not that it's difficult to install, but it is an extra $$$ license.
And what makes Linux so easy? In my experience it's a pain in the ass - for example my Linux laptop refuses to execute flash websites (like disney.com or tv.com). And I can't get it to talk to my Netscape ISP.
You're obviously looking at it from an end-user (home) perspective. I'm arguing from a sysadmin perspective for medium/large companies. I have much more experience with Microsoft systems, but there's just so much that needs constant attention and futzing with Windows. And there are annoyances like "We need to reboot system after any logoff" that can be researched and solved in less than an hour on systems with an open source history where configuration is prized, but with Windows has been a real pain*. I've got probably 1/2 split between MS and POSIX systems, but MS seems to be always taking up more of my time, managing 3rd party patches remotely, virus scanner remote monitoring, or just making a new image secure. With Linux, configuring a base image is as tough as tweaking a few files and opening a firewall port or two. With Windows, I've got to set registry settings in the Default User registry hive to prevent the systems from going to sleep if a new local user logs in (the ADS policy to keep a machine awake only runs on login for ADS users, not local ones). And those reg entries aren't human readable either (reg_binary), so I have to use a GUI to create them, then export them with regedit, then edit the.reg file into a.bat with reg.exe syntax... Once default preferences are set, there's still all of the extra software to install: MS Office, Visual Studio, Adobe CS4/5, all of which take at least an hour each, as well as time and reboots for patches.
*You can't do it in a logout script because logout (a shutdown state) supersedes any other shutdown state from being enacted. So far the only method I've tried that works is creating a service that constantly checks whether a user is logged into the console session, and reboots when the user's no longer logged in. Use ADS GPO to allow any user to start that service. Start the service in a logIN script (because even services can't be started during logout).
Open Source is only 90% cheaper if your time is worth 10%.
Best joke ever.
If I had to rate difficulty of OS maintenance and setup, it would be:
Microsoft (Any), Most difficult
Solaris
Mac OS X
Linux (Any except gentoo), easiest
I fail to see how making partitions on one real device will do anything other than lower that average speed.
You are correct, it will lower the speed, but I believe GP is correct that it will bring most data points closer to that slower average.
If you meant multiple physical volumes in RAID0 then I ask the following:
And how do I get this volume off to the storage location?
Will the OEM say it is safe for transport?
Is it light enough for our female sysadmin to carry it?
1) Quantum Teleportation? Maybe a truck and packing foam if your teleporter is down.
2) Who cares what the OEM says? Are you planning to sue a tape manufacturer when a tape goes bad? Good luck proving it was the transport that did it.
3) Unless she's an invalid. Anyone who can lift a HDD can transport a disk array.
I say if JBOD backup with multiple copies is good enough to transport Antarctic science data, it's good enough for transporting backups. As long as the backups are tested at the storage site on arrival, then there's not a problem with disks.
Google seems to have forgotten the early days of the search engine wars in which Yahoo, Excite, et al vied for the most user-hostile, craptacular portal landing pages. I believe it was primarily their choice of a minimal utilitarian design that made people flock to Google, and the quality of the search results, good as they were, was a distant secondary factor among typical users.
[...]
Google has officially run out of ideas if this is the best they can come up with.
Good. Maybe without ideas they'll stagnate and, as a result, remain popular.
The only reason my friends have cited for eschewing iPhone and going Android when it came out is "It's not AT&T". They think of Android phones as iPhones that work on other networks.
Dear Mozilla developers, please disable by default *all* extensions except:
1. the ones that are manually installed by the user using the standard UI inside Firefox;
2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").
The power to choose what to install in their browsers must reside only in the hands of the users.
Ah, but what if sysadmins want their users to - by default - be using adblock or noscript?
Is it old news, or did MS decide that since only "Firefox geeks" complained about it last time that it's open season to add Firefox extensions without asking?
Replying to own post: I just found out that RAID controllers are also detected with the Linux boot CD (not a surprise, but i wasn't certain how stripped down the kernel was). That just saved me a lot of time trying to remember how to clone with partimage.
Speaking of that, does anyone know of a way to create an icon on the desktop that can turn on/off the autorun feature, just to make it easier on users?
Put this in a batch file. Turns autorun off if the user has admin rights. Can be easily run through psexec if you have admin rights (and an open fileshare to the box) but the end user doesn't. I leave turning autorun back on as an exercise for the reader.
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"/ve/f/d "@SYS:DoesNotExist"
If you have access to a means to edit select settings in gpedit.msc with a script, set "Computer Configuration\Administrative Templates\System\Turn off Autoplay" to "Enabled". Unfortunately, for Vista, XP, Win2k this only _really_ works on machines that have gotten a patch. The "DoesNotExist" method is better because it works for patchless machines. I do both, though, just to be thorough.
Macs actually implement the Wake On LAN standard feature. (sometimes referred to as WOMP, or Wake On Magic Packet) This relies on the computer's ethernet hardware remaining awake while the computer sleeps, and any computer on the LAN can send a special UDP packet containing its ethernet MAC (Machine Address Code, unrelated to MACintosh) to trigger the computer to wake up.
And Apple Macs don't keep their NICs active when the computer is turned off, making WOL mostly useless. For some reason, only Xserves are allowed the special privilege of complete WOL.
I'm writing this post from a non-privileged user account, and I type the admin password 50 times a day for all sorts of installations, configuration settings, etc.
My question is: how (un?)safe is a Windows 7 box running under a non-privileged account?
Reasonably safe, as long as you're typing that admin password to temporarily log in to the admin user, then logging out and logging back in as ordinary user. Don't let any user use UAC, even yourself; that way you can be sure that Malware never tricks you into unlocking UAC (or waiting until you unlock UAC to do its dirty deeds).
Multiple-lane highways exist for a reason, and the *right* lane is the *slow lane* and the *left lane* is the fast lane.
Except in Texas and England.
Okay poop is coming out now
I'm amazed a reference to this got modded troll here. http://www.penny-arcade.com/comic/2008/4/23/
That's okay, it's back up to 0, Informative.
some users argue that Twitter 'risks ruining the site if it lets the pursuit of profit interfere with the organic nature of the social network.'
Twitter risks running out of money if it lets the organic nature of the social network interfere with the pursuit of profit. Then how will you tell your friends what color your last bowel movement was? You're Facebook friends with Grandma now, do you think she wants to read that? Wait, old people do talk about that stuff. Carry on.
For random web browsing on assorted sites, boot up from a Linux boot CD. Your entire OS will be in memory, nothing on your HD is touched.
Unplug your HDD too. Otherwise your Linux CD can often mount your drive read/write, and if it has a vulnerable version of FF, you're owned since the default user usually has passwordless sudo privs.
Reminds me that "magician" who was able to win 50% simultaneous chess matches against any number of professional players.
Any number of opponents except one, but he would mitm copy the games verbatim between two players. I suppose that means he would lose an extra one if there was an odd numbered opponent.
7 out of 10 IRC users [...] are utter idiots.
Somehow I don't think that's true. I think it's more likely that 7/10 IRC "users" are other bots.
*Young man sitting in front of computer screen, sweating and breathing heavily.*
Child's voice: "When I grow up, I want to be a webmaster!"
*camera pans out, showing a very slowly loading web page, complete with errors*
Narrator: "Nobody ever says 'I want to be stuck testing web pages via AOL when I grow up'"
*A CD spins like a coin on a desk*
"When I grow up, I want to be a ballet dancer"
*the CD falls to reveal an AOL logo*
"Don't let AOL get in the way of your dreams"
Also: I thought the EU Parliament made it illegal to have open wifi spots?
EU, Schmeu. This is Finland, where Conan O'Brian was President until former President Jay Leno took back the office on a technicality.
Windows is difficult to install?
Ignoring the fact that this is a straw man (I never said install; I said setup and maintenance, of which install is only a small portion of setup)... yes, Windows can be difficult to install. I've had many occasions where NIC drivers didn't exist for a box I was installing windows on, so sneakernet was my only option for driver installation.
Do you drag your knuckles along the ground too?
Seriously? At least now I know you're trolling.
I run a bunch of labs at a local community college however - 200 misc dell Optiplex machines. Some are over 5+ years old (Optiplex 520). Windows 7 installed and runs like a top on every single one of them without me tweaking anything
Bully for you. I bet someone had to tweak ADS to get those lab machines running locked down and to prevent them from sleeping, install MS .msis, etc. Probably someone else? Regarding maintenance, does Windows regularly update all of the software on the system for you, or do you have to apply remote patches for Adobe/foxit/Firefox/whatever, or maybe reimage the labs semi-monthly? With the exception of reboots after kernel updates, there's no reason to touch the *nix machines; they update all of their own software. In fact, you could run a simple cron job to reboot if it detected a new kernel installed and no user processes (just like Windows' automatic update system, except usually only quarterly for kernel updates).
"I can... only three years" so in other words you can't.
Since the general implication is that Linux == never reboot and Windows == reboot weekly if not daily, then I think that 3 years can easily be equated with 5 years. I rarely see more than nine months uptime for most of my Linux boxes. BTW, unless that Linux machine was off of the 'net it was in serious need of a reboot for a kernel update. five years is a long time for a remote exploit (even just DoS from NIC drivers) to potentially not get patched.
I have used Linux systems that where 5 years old and had never been rebooted and you can't say that about windows.
I can. Just 5 years ago, I remember finding a Win98se box hidden behind a cabinet at a major company. Its role was to run a red-light-messageboard. You know the kind: the messages "pass" across a small window spelled out in red lights. It hadn't been on for 5 years, but 3 years straight is pretty good. It wasn't on the network, and IIRC it only had a modem, so I let it do its thing. If Windows isn't *used* (especially on the 'net), then it can be pretty rock-solid.
Why do you rate Windows the worst and Linux the best? What makes Windows so horrible to maintain? All you have to do is pop-in a CD and install. After that the system usually has everything the user needs (web browser, Microsoft Office, etc).
Microsoft Office does _not_ come on the Windows installation DVD. Not that it's difficult to install, but it is an extra $$$ license.
And what makes Linux so easy? In my experience it's a pain in the ass - for example my Linux laptop refuses to execute flash websites (like disney.com or tv.com). And I can't get it to talk to my Netscape ISP.
You're obviously looking at it from an end-user (home) perspective. I'm arguing from a sysadmin perspective for medium/large companies. I have much more experience with Microsoft systems, but there's just so much that needs constant attention and futzing with Windows. And there are annoyances like "We need to reboot system after any logoff" that can be researched and solved in less than an hour on systems with an open source history where configuration is prized, but with Windows has been a real pain*. I've got probably 1/2 split between MS and POSIX systems, but MS seems to be always taking up more of my time, managing 3rd party patches remotely, virus scanner remote monitoring, or just making a new image secure. With Linux, configuring a base image is as tough as tweaking a few files and opening a firewall port or two. With Windows, I've got to set registry settings in the Default User registry hive to prevent the systems from going to sleep if a new local user logs in (the ADS policy to keep a machine awake only runs on login for ADS users, not local ones). And those reg entries aren't human readable either (reg_binary), so I have to use a GUI to create them, then export them with regedit, then edit the .reg file into a .bat with reg.exe syntax... Once default preferences are set, there's still all of the extra software to install: MS Office, Visual Studio, Adobe CS4/5, all of which take at least an hour each, as well as time and reboots for patches.
*You can't do it in a logout script because logout (a shutdown state) supersedes any other shutdown state from being enacted. So far the only method I've tried that works is creating a service that constantly checks whether a user is logged into the console session, and reboots when the user's no longer logged in. Use ADS GPO to allow any user to start that service. Start the service in a logIN script (because even services can't be started during logout).
Open Source is only 90% cheaper if your time is worth 10%.
Best joke ever.
If I had to rate difficulty of OS maintenance and setup, it would be:
Microsoft (Any), Most difficult
Solaris
Mac OS X
Linux (Any except gentoo), easiest
Download the IE version in FF. Download the FF version in IE. No activeX, no instant plugin crap.
I fail to see how making partitions on one real device will do anything other than lower that average speed.
You are correct, it will lower the speed, but I believe GP is correct that it will bring most data points closer to that slower average.
If you meant multiple physical volumes in RAID0 then I ask the following:
And how do I get this volume off to the storage location?
Will the OEM say it is safe for transport?
Is it light enough for our female sysadmin to carry it?
1) Quantum Teleportation? Maybe a truck and packing foam if your teleporter is down.
2) Who cares what the OEM says? Are you planning to sue a tape manufacturer when a tape goes bad? Good luck proving it was the transport that did it.
3) Unless she's an invalid. Anyone who can lift a HDD can transport a disk array.
I say if JBOD backup with multiple copies is good enough to transport Antarctic science data, it's good enough for transporting backups. As long as the backups are tested at the storage site on arrival, then there's not a problem with disks.
Google seems to have forgotten the early days of the search engine wars in which Yahoo, Excite, et al vied for the most user-hostile, craptacular portal landing pages. I believe it was primarily their choice of a minimal utilitarian design that made people flock to Google, and the quality of the search results, good as they were, was a distant secondary factor among typical users.
[...]
Google has officially run out of ideas if this is the best they can come up with.
Good. Maybe without ideas they'll stagnate and, as a result, remain popular.
Ultimately, everything you see (barring hallucinations) is projected onto your retina.
And potentially other people's retinas. It would be nice to finally get to the laser->retina stage.
The only reason my friends have cited for eschewing iPhone and going Android when it came out is "It's not AT&T". They think of Android phones as iPhones that work on other networks.
new authentic Pro mode meant to help players segue to actual instruments
...while learning fingering that will trip them up later. Watching the way people hold drum sticks with Rock Band is painful.
Dear Mozilla developers, please disable by default *all* extensions except:
1. the ones that are manually installed by the user using the standard UI inside Firefox;
2. the ones that are manually enabled by the user using a menu switch inside Firefox for EACH externally installed extension (do NOT show a confirmation dialog if a new extension appears out of nowhere: users always click "yes").
The power to choose what to install in their browsers must reside only in the hands of the users.
Ah, but what if sysadmins want their users to - by default - be using adblock or noscript?
Old news is so exciting!
Is it old news, or did MS decide that since only "Firefox geeks" complained about it last time that it's open season to add Firefox extensions without asking?
Replying to own post: I just found out that RAID controllers are also detected with the Linux boot CD (not a surprise, but i wasn't certain how stripped down the kernel was). That just saved me a lot of time trying to remember how to clone with partimage.
Speaking of that, does anyone know of a way to create an icon on the desktop that can turn on/off the autorun feature, just to make it easier on users?
Put this in a batch file. Turns autorun off if the user has admin rights. Can be easily run through psexec if you have admin rights (and an open fileshare to the box) but the end user doesn't. I leave turning autorun back on as an exercise for the reader. /ve /f /d "@SYS:DoesNotExist"
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
If you have access to a means to edit select settings in gpedit.msc with a script, set "Computer Configuration\Administrative Templates\System\Turn off Autoplay" to "Enabled". Unfortunately, for Vista, XP, Win2k this only _really_ works on machines that have gotten a patch. The "DoesNotExist" method is better because it works for patchless machines. I do both, though, just to be thorough.