"Linux is better thought-out than Windows"
-
dandy72 wrote:
"Linux is better thought-out than Windows"
You should read "the old new thing" a bit.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
that's from the console - it's then assumed that it's either a single user machine or locked up in a server room - so that user accessing the command should have a clue or two what they're choosing to do. running the gui remotely normally* doesn't allow root operations (* - of course there are hoops that if correctly arranged and jumped through that can change) sudo is only for children and below* (* - people that really should just stay on windows)
lopati: roaming wrote:
sudo is only for children and below* (* - people that really should just stay on windows)
What a mixed message. The Linux graybeards all tell you to *always* run as a limited user and you're a fool if you ever login as root. Or am I misinterpreting your answer here?
-
I suspect if you run the UI remotely it will prompt for a password....
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
I'll have to try. I tend to run my Linux VMs right from the Hyper-V console when RDPed into the Hyper-V host itself; in that context, VMs (Windows and Linux) tend to see that as local, not remote. I'll have to try with VNC or some equivalent. I hardly ever take the time to configure my Linux VMs to let me log in that way.
-
Seems a bit pointless, to me. I mean, why on Earth would anyone ever want to shut down a computer?
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote:
I mean, why on Earth would anyone ever want to shut down a computer?
Well, there's that. :-) I play a lot with different Linux distributions--way, way more than will work with my Linux VM host's 32GB of RAM. I have another host with 64GB, but that one's for my Windows VMs only.
-
Amazing observation; more than an oversight, it's an issue most likely avoided as I'm certain that (OP), myself and many others have seen this and wandered what the deal is. DE and DM software generally run in a SuDo style mode with certain privileges one of which is shutdown & restart among others. One reason (or several actually) that most old hand system administrators prefer to run Linux & BSD systems via the prompt rather than installing anything like a GUI desktop environment --security concerns, stability (some apps may not function correctly without special privileges) and most times GUI clutters their workspace. Anyway, Linux like any other operating system is subject to developer over sight else we wouldn't need security patches and new kernels. Additionally, Linux is not better thought out than Windows it is implemented in a way that the particular distribution is laid out logically if anything. Windows on the other hand could still benefit from better directory structure and more "in-your-face" security and systems management for those whom not a current copy of the contemporary Windows System Administrator Guide on hand. Neither O.S. is close to perfect and the sooner everyone accepts the fact the sooner things can get rolling again toward better security and stability --right after we get away from Intel's Spectre-Meltdown platform (makes you wander if Intel isn't in anti-virus software investment portfolio somewhere in the shadows, hunh)... Good article regardless.
I was unaware of that...
TheRaven wrote:
Windows on the other hand could still benefit from better directory structure and more "in-your-face" security
Gawd, more in-your-face than the constant UAC prompts? I thought those were already excessive... :-)
TheRaven wrote:
makes you wander if Intel isn't in anti-virus software investment portfolio somewhere in the shadows,
Did you forget they've purchased McAfee for a few billions a few years back...?
-
Forogar wrote:
I really miss working on those old Vaxes (Vaxii?) VMS was the business!
I really enjoyed working on them too! uVAX was an awesome machine!
I'm currently unsupervised, I know it freaks me out too! JaxCoder.com
Maybe there were good uVax implementations. But the first attempt to build a small Vax was the 730. From a performance point of view, it was a nightmare! Friends of mine were using it and reported that had timed the filling an 80 char input buffer with spaces to take 20 milliseconds. A process switch took 100 ms - 1/10 second(!). In their project, they had to change the software architecture from three to two processes (and redistribute the functions) in order to reduce the required number of process switches; that significantly increased the performance of their application. It took just a few weeks before someone got hold of a big yellow-green "Turtle Wax" sticker to put on the front panel of the machine. The 730 was an extremely microcoded machine, with a highly vertical architecture: While the 780 had a 96 bit microcode word, so that it could issue 96 signals per microcycle, the 730 had 24 bits, heavily multiplexed. So the meaning of one bit could depend a lot on other bits, and had to be decoded by a logic network before sent to the actual circuits. The hardware itself was also far simpler, so it took a lot more microcycles to perform one complete machine instruction. Even the 780 had some hardware limitations, the strictest one (for the performance) was that all page tables had to be resident in memory; it couldn't handle a page fault in the page fault interrupt handler. In 1970 or 80, our university had one 780 with a whooping 1 megabyte of RAM. Whenever the electronics guys ran their circuit layout program, which used immense amounts of virtual memory, they had to reboot the machine with a large page table configuration so that more than 600K was taken by the page tables and resident part of the OS, slightly more than 300 kbyte was available for paging of user programs and non-resident OS parts. You may call it "CPU abuse" to run a VAX 780 CPU on 1 megabyte of RAM, but if you weren't there at the time, you would never believe the cost of RAM in those days...
-
Well, first, if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong. Second, the UI systems I've seen use dmesg to bypass the normal IO flow, and assign permissions to grant permissions to the UI, not the user, to perform tasks such as shutdown and network configuration. It does this specifically so the system can have base-level users that don't want to get into the system administration game. If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor
Nathan Minier wrote:
if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote:
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
-
That's an interesting thought. Arguably, I've already provided my credentials when I logged in, but that's the case whether that was through the UI or purely a command line (like SSH). If I've logged in via the UI, then any command prompt window I subsequently open "should" inherently know who I am.
Every admin-level command issued in a console must request credentials. There are ways around that requirement (google is your friend, and I do it every once in a while when I'm going to issue a series of admin-level commands), but even if you did that, it would still only be applicable to a given session. For every new session, you'd have to do it again. Once again, it's a security measure that prohibits remote execution. Security is, indeed, a pain the the ass.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
Nathan Minier wrote:
if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote:
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of runnign them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I don't know where you got that subject line from, but... Linux is a Unix clone; its architecture is a carbon copy of Unix. And Unix was never planned, designed. The *nix process concept was a created as a mechanism to let the space ships of the Space Invasion game to come increasingly closer while you were scratching your head. The shell is the Space Invasion command interpreter loop. They needed a language for programming the whole thing, and threw up a number of language constructs in a messy pile - C is the most explisitly non-designed language that I have ever come across. And it shows! I would be curious to know where this "though-out" is found. Most of the thinking has been spent on "How shall we clean up this terrible mess?" To some degree, the question has been evaded by stating "That is not our problem" (e.g. higher level protocols, file system structures, synchronization, shared data, user identification) - keep it simple; if it simpler than necessary, claim that it improves clarity! Slowly, a few mechanisms crept in: Existence of a file was replaced by a binary semaphore (so that we didn't have to worry about concepts such as critical regions and monitors...), we got .so libraries, and if you were an expert, you could set up segments of the data segment as shared. X.11 could be patched on top to give the illusion of event-driven system design - but worked only for the mouse and keyboard. Exception handling was kludged onto the C language, and so was OO. For threads we had several years with competing kludges. I never saw a speck of "design" work behind the *nix operating system, and very little in the activities closely related to it (such as the C language and communication protocols). For some protocols, the IETF simply had to make major cleanups, e.g. in the SMTP protocol and a number of others, and it is clear for everybody to see that all the old critisisms of "non-*nix-style" starndardization work becomes increasingly appliccable to *nix and TCP/IP protocols standardization.
-
I'm not even sure your base premise is correct, since Windows was developed as a single user system and Linux a multi user system. As for your observation about Linux shutdown, running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do. The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode. I suspect the remote X-Windows GUI will require sudo to operate, just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
obermd wrote:
running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do
I agree entirely. I was just pointing out the inconsistency.
obermd wrote:
The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode
That's probably the best response I've seen yet this thread. I wouldn't suggest however this is a *great* assumption to make.
obermd wrote:
I suspect the remote X-Windows GUI will require sudo to operate,
Maybe it does, I haven't tried. I suspect you're right.
obermd wrote:
just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
It's inconsistent for sure (across the multiple versions of Windows, and workstation- vs server versions), and I know I've seen policies to display/remove the option. But now that you bring this up, when you *do* have the option, Windows *does* warn you if you're about to do a shutdown and it knows other users are currently logged in. Given that's the case, I have to wonder why a UI-initiated shutdown request wouldn't do the same on Linux. It could be based on the assumption you put forth, but then, doing the check and putting up a warning as Windows does seems like a no-brainer to me. All this to say...none of this is a "flaw" and I'm sure it's a deliberate design decision. And it'd be interesting to read the arguments that have been made on either side.
-
Every admin-level command issued in a console must request credentials. There are ways around that requirement (google is your friend, and I do it every once in a while when I'm going to issue a series of admin-level commands), but even if you did that, it would still only be applicable to a given session. For every new session, you'd have to do it again. Once again, it's a security measure that prohibits remote execution. Security is, indeed, a pain the the ass.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of runnign them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
Isn't that Raymond Cheng's (Chang?) blog? Is he still posting? I've watched a couple of his "one-minute answer" videos on Channel 9, but I honestly have never taken the time to read his blog.
dandy72 wrote:
Isn't that Raymond Cheng's (Chang?) blog? Is he still posting?
Yup. The Old New Thing[^]
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Indeed; that the case even on Windows: I've lost count of the number of times I've tried to save a change I made to the hosts file, but then forgot I had launched Notepad without explicitly doing so as an admin. No way around that without re-launching.
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator". :)
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
obermd wrote:
running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do
I agree entirely. I was just pointing out the inconsistency.
obermd wrote:
The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode
That's probably the best response I've seen yet this thread. I wouldn't suggest however this is a *great* assumption to make.
obermd wrote:
I suspect the remote X-Windows GUI will require sudo to operate,
Maybe it does, I haven't tried. I suspect you're right.
obermd wrote:
just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
It's inconsistent for sure (across the multiple versions of Windows, and workstation- vs server versions), and I know I've seen policies to display/remove the option. But now that you bring this up, when you *do* have the option, Windows *does* warn you if you're about to do a shutdown and it knows other users are currently logged in. Given that's the case, I have to wonder why a UI-initiated shutdown request wouldn't do the same on Linux. It could be based on the assumption you put forth, but then, doing the check and putting up a warning as Windows does seems like a no-brainer to me. All this to say...none of this is a "flaw" and I'm sure it's a deliberate design decision. And it'd be interesting to read the arguments that have been made on either side.
dandy72 wrote:
I was just pointing out the inconsistency.
I think it's more accurate to call it a "security comprimise", because it's specifically intended to work that way. I don't see it as inconsistent.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator". :)
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I don't know where you're coming from (especially when you're only known here as "member 7989122"), but I think a conversation between yourself and Linus Torvalds would be fascinating. I'm not being facetious.
If he pays a visit to Kargasniemi or Karesuvanto, I'll probably be passing both towns during my vacation this summer. But I guess that if he is back in his homeland then, he will probably stay much further south in the country. I have never visited the south of Finland - I would like to spend a vacation there, but I guess I'd prefer it to be a vacation. Not for discussing OS design (and lack thereof). I guess my need for fierce turf wars is fully satisified during my working day. If I should happen to meet one of the big gurus by accident, I would probably do as I use to when meeting people with strong opinions and egos: Act a lot less experienced than I am, but rather poke him with some far more thought out questions that they initially appear, to have him reveal more of his real thoughts and approaches to things, when he doesn't feel that he has to "defend" things, but rather "explain". You reveal a lot more when you explain. And the listener, me, can place "naive" questions at the right time to dig far deeper than what comes out of a turf war. Sidetracking: One of my friends, on his way to becoming a top rate DBMS expert in the 1980s, had the database guru Jim Gray as his idol. At VLDB conferences, he was chasing Grey, hoping to one day get so close that he could say that he had been touching Jim Gray's coat :-) Then, one day at a VLDB conference, he saw Jim Gray coming right at him, cheering: "Hi, I hear that you guys are from Norway, is that right? Getting drunk with Norwegains is always great fun! Would you like to come along for a drinking night?" ... My friend went along, and the two became friends for live: When my friend married, Gray crossed the Atlantic to be his best man. I don't know if they ever were discussing database systems. Most likely they did, but that is not what formed a close friendship.
-
TheRaven wrote:
Windows on the other hand could still benefit from better directory structure and more "in-your-face" security
Gawd, more in-your-face than the constant UAC prompts? I thought those were already excessive... :-)
TheRaven wrote:
makes you wander if Intel isn't in anti-virus software investment portfolio somewhere in the shadows,
Did you forget they've purchased McAfee for a few billions a few years back...?
Meant accessibility for policy management not specifically targeting UAC prompts with a focus on readability and more "user friendly" tools. As far as prompts --rather have those than ransom ware popping up on my Windows 7 boot screen (been there). And, no I did not know Intel purchased McAfee --says enough to me. Explains a great deal. McAfee the mad-man running wild in third world countries trying to escape a hit squad and now Intel rides in with Spectre, Meltdown and now a new laundry list of hidden goodies have been discovered plaguing all of IA land. Fantastic, and they own McAfee... Thanx for the heads up btw.
I was unaware of that...
-
Meant accessibility for policy management not specifically targeting UAC prompts with a focus on readability and more "user friendly" tools. As far as prompts --rather have those than ransom ware popping up on my Windows 7 boot screen (been there). And, no I did not know Intel purchased McAfee --says enough to me. Explains a great deal. McAfee the mad-man running wild in third world countries trying to escape a hit squad and now Intel rides in with Spectre, Meltdown and now a new laundry list of hidden goodies have been discovered plaguing all of IA land. Fantastic, and they own McAfee... Thanx for the heads up btw.
I was unaware of that...
