"Linux is better thought-out than Windows"
-
Forogar wrote:
I really miss working on those old Vaxes (Vaxii?) VMS was the business!
I really enjoyed working on them too! uVAX was an awesome machine!
I'm currently unsupervised, I know it freaks me out too! JaxCoder.com
Maybe there were good uVax implementations. But the first attempt to build a small Vax was the 730. From a performance point of view, it was a nightmare! Friends of mine were using it and reported that had timed the filling an 80 char input buffer with spaces to take 20 milliseconds. A process switch took 100 ms - 1/10 second(!). In their project, they had to change the software architecture from three to two processes (and redistribute the functions) in order to reduce the required number of process switches; that significantly increased the performance of their application. It took just a few weeks before someone got hold of a big yellow-green "Turtle Wax" sticker to put on the front panel of the machine. The 730 was an extremely microcoded machine, with a highly vertical architecture: While the 780 had a 96 bit microcode word, so that it could issue 96 signals per microcycle, the 730 had 24 bits, heavily multiplexed. So the meaning of one bit could depend a lot on other bits, and had to be decoded by a logic network before sent to the actual circuits. The hardware itself was also far simpler, so it took a lot more microcycles to perform one complete machine instruction. Even the 780 had some hardware limitations, the strictest one (for the performance) was that all page tables had to be resident in memory; it couldn't handle a page fault in the page fault interrupt handler. In 1970 or 80, our university had one 780 with a whooping 1 megabyte of RAM. Whenever the electronics guys ran their circuit layout program, which used immense amounts of virtual memory, they had to reboot the machine with a large page table configuration so that more than 600K was taken by the page tables and resident part of the OS, slightly more than 300 kbyte was available for paging of user programs and non-resident OS parts. You may call it "CPU abuse" to run a VAX 780 CPU on 1 megabyte of RAM, but if you weren't there at the time, you would never believe the cost of RAM in those days...
-
Well, first, if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong. Second, the UI systems I've seen use dmesg to bypass the normal IO flow, and assign permissions to grant permissions to the UI, not the user, to perform tasks such as shutdown and network configuration. It does this specifically so the system can have base-level users that don't want to get into the system administration game. If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor
Nathan Minier wrote:
if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote:
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
-
That's an interesting thought. Arguably, I've already provided my credentials when I logged in, but that's the case whether that was through the UI or purely a command line (like SSH). If I've logged in via the UI, then any command prompt window I subsequently open "should" inherently know who I am.
Every admin-level command issued in a console must request credentials. There are ways around that requirement (google is your friend, and I do it every once in a while when I'm going to issue a series of admin-level commands), but even if you did that, it would still only be applicable to a given session. For every new session, you'd have to do it again. Once again, it's a security measure that prohibits remote execution. Security is, indeed, a pain the the ass.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
Nathan Minier wrote:
if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote:
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of runnign them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I don't know where you got that subject line from, but... Linux is a Unix clone; its architecture is a carbon copy of Unix. And Unix was never planned, designed. The *nix process concept was a created as a mechanism to let the space ships of the Space Invasion game to come increasingly closer while you were scratching your head. The shell is the Space Invasion command interpreter loop. They needed a language for programming the whole thing, and threw up a number of language constructs in a messy pile - C is the most explisitly non-designed language that I have ever come across. And it shows! I would be curious to know where this "though-out" is found. Most of the thinking has been spent on "How shall we clean up this terrible mess?" To some degree, the question has been evaded by stating "That is not our problem" (e.g. higher level protocols, file system structures, synchronization, shared data, user identification) - keep it simple; if it simpler than necessary, claim that it improves clarity! Slowly, a few mechanisms crept in: Existence of a file was replaced by a binary semaphore (so that we didn't have to worry about concepts such as critical regions and monitors...), we got .so libraries, and if you were an expert, you could set up segments of the data segment as shared. X.11 could be patched on top to give the illusion of event-driven system design - but worked only for the mouse and keyboard. Exception handling was kludged onto the C language, and so was OO. For threads we had several years with competing kludges. I never saw a speck of "design" work behind the *nix operating system, and very little in the activities closely related to it (such as the C language and communication protocols). For some protocols, the IETF simply had to make major cleanups, e.g. in the SMTP protocol and a number of others, and it is clear for everybody to see that all the old critisisms of "non-*nix-style" starndardization work becomes increasingly appliccable to *nix and TCP/IP protocols standardization.
-
I'm not even sure your base premise is correct, since Windows was developed as a single user system and Linux a multi user system. As for your observation about Linux shutdown, running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do. The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode. I suspect the remote X-Windows GUI will require sudo to operate, just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
obermd wrote:
running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do
I agree entirely. I was just pointing out the inconsistency.
obermd wrote:
The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode
That's probably the best response I've seen yet this thread. I wouldn't suggest however this is a *great* assumption to make.
obermd wrote:
I suspect the remote X-Windows GUI will require sudo to operate,
Maybe it does, I haven't tried. I suspect you're right.
obermd wrote:
just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
It's inconsistent for sure (across the multiple versions of Windows, and workstation- vs server versions), and I know I've seen policies to display/remove the option. But now that you bring this up, when you *do* have the option, Windows *does* warn you if you're about to do a shutdown and it knows other users are currently logged in. Given that's the case, I have to wonder why a UI-initiated shutdown request wouldn't do the same on Linux. It could be based on the assumption you put forth, but then, doing the check and putting up a warning as Windows does seems like a no-brainer to me. All this to say...none of this is a "flaw" and I'm sure it's a deliberate design decision. And it'd be interesting to read the arguments that have been made on either side.
-
Every admin-level command issued in a console must request credentials. There are ways around that requirement (google is your friend, and I do it every once in a while when I'm going to issue a series of admin-level commands), but even if you did that, it would still only be applicable to a given session. For every new session, you'd have to do it again. Once again, it's a security measure that prohibits remote execution. Security is, indeed, a pain the the ass.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
In order to save files in certain locations, you have to run a text editor with admin permissions. Still, the act of runnign them will/should request credentials.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
Isn't that Raymond Cheng's (Chang?) blog? Is he still posting? I've watched a couple of his "one-minute answer" videos on Channel 9, but I honestly have never taken the time to read his blog.
dandy72 wrote:
Isn't that Raymond Cheng's (Chang?) blog? Is he still posting?
Yup. The Old New Thing[^]
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
-
Indeed; that the case even on Windows: I've lost count of the number of times I've tried to save a change I made to the hosts file, but then forgot I had launched Notepad without explicitly doing so as an admin. No way around that without re-launching.
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator". :)
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
obermd wrote:
running sudo is the correct thing to do. Linux was derived from a multi-user environment and allowing any random user to shutdown the OS is not a good thing to do
I agree entirely. I was just pointing out the inconsistency.
obermd wrote:
The reason the console GUI shutdown works without sudo is because there is an underlying assumption that if you're using the console GUI then you're running in single user mode
That's probably the best response I've seen yet this thread. I wouldn't suggest however this is a *great* assumption to make.
obermd wrote:
I suspect the remote X-Windows GUI will require sudo to operate,
Maybe it does, I haven't tried. I suspect you're right.
obermd wrote:
just like Windows "hiding" the shutdown option when using RDP to connect to a remote system.
It's inconsistent for sure (across the multiple versions of Windows, and workstation- vs server versions), and I know I've seen policies to display/remove the option. But now that you bring this up, when you *do* have the option, Windows *does* warn you if you're about to do a shutdown and it knows other users are currently logged in. Given that's the case, I have to wonder why a UI-initiated shutdown request wouldn't do the same on Linux. It could be based on the assumption you put forth, but then, doing the check and putting up a warning as Windows does seems like a no-brainer to me. All this to say...none of this is a "flaw" and I'm sure it's a deliberate design decision. And it'd be interesting to read the arguments that have been made on either side.
dandy72 wrote:
I was just pointing out the inconsistency.
I think it's more accurate to call it a "security comprimise", because it's specifically intended to work that way. I don't see it as inconsistent.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I fixed that by setting the compatibility properties on notepad.exe to "run as administrator". :)
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I don't know where you're coming from (especially when you're only known here as "member 7989122"), but I think a conversation between yourself and Linus Torvalds would be fascinating. I'm not being facetious.
If he pays a visit to Kargasniemi or Karesuvanto, I'll probably be passing both towns during my vacation this summer. But I guess that if he is back in his homeland then, he will probably stay much further south in the country. I have never visited the south of Finland - I would like to spend a vacation there, but I guess I'd prefer it to be a vacation. Not for discussing OS design (and lack thereof). I guess my need for fierce turf wars is fully satisified during my working day. If I should happen to meet one of the big gurus by accident, I would probably do as I use to when meeting people with strong opinions and egos: Act a lot less experienced than I am, but rather poke him with some far more thought out questions that they initially appear, to have him reveal more of his real thoughts and approaches to things, when he doesn't feel that he has to "defend" things, but rather "explain". You reveal a lot more when you explain. And the listener, me, can place "naive" questions at the right time to dig far deeper than what comes out of a turf war. Sidetracking: One of my friends, on his way to becoming a top rate DBMS expert in the 1980s, had the database guru Jim Gray as his idol. At VLDB conferences, he was chasing Grey, hoping to one day get so close that he could say that he had been touching Jim Gray's coat :-) Then, one day at a VLDB conference, he saw Jim Gray coming right at him, cheering: "Hi, I hear that you guys are from Norway, is that right? Getting drunk with Norwegains is always great fun! Would you like to come along for a drinking night?" ... My friend went along, and the two became friends for live: When my friend married, Gray crossed the Atlantic to be his best man. I don't know if they ever were discussing database systems. Most likely they did, but that is not what formed a close friendship.
-
TheRaven wrote:
Windows on the other hand could still benefit from better directory structure and more "in-your-face" security
Gawd, more in-your-face than the constant UAC prompts? I thought those were already excessive... :-)
TheRaven wrote:
makes you wander if Intel isn't in anti-virus software investment portfolio somewhere in the shadows,
Did you forget they've purchased McAfee for a few billions a few years back...?
Meant accessibility for policy management not specifically targeting UAC prompts with a focus on readability and more "user friendly" tools. As far as prompts --rather have those than ransom ware popping up on my Windows 7 boot screen (been there). And, no I did not know Intel purchased McAfee --says enough to me. Explains a great deal. McAfee the mad-man running wild in third world countries trying to escape a hit squad and now Intel rides in with Spectre, Meltdown and now a new laundry list of hidden goodies have been discovered plaguing all of IA land. Fantastic, and they own McAfee... Thanx for the heads up btw.
I was unaware of that...
-
Meant accessibility for policy management not specifically targeting UAC prompts with a focus on readability and more "user friendly" tools. As far as prompts --rather have those than ransom ware popping up on my Windows 7 boot screen (been there). And, no I did not know Intel purchased McAfee --says enough to me. Explains a great deal. McAfee the mad-man running wild in third world countries trying to escape a hit squad and now Intel rides in with Spectre, Meltdown and now a new laundry list of hidden goodies have been discovered plaguing all of IA land. Fantastic, and they own McAfee... Thanx for the heads up btw.
I was unaware of that...
-
...but if that's the case, some things are definitely falling through the cracks. On many distributions, if I try to shutdown the system at a command prompt (typically with "shutdown -P 0"), I'm told I have to run sudo and I'm prompted for a password. Great feature, you wouldn't want any dumbass you share your computer with to be able to bring it down without showing he's got at least *some* amount of authority. Yet that same user can select Shutdown from the UI, and it'll happily comply without prompting for anything else (or at most, a confirmation prompt). If this was some sort of oversight, it would've been addressed years ago, no?
Weird discussion in case of Win10. I use linux subsystem for linux within it. You can choose some linux distributions from windows store. I use, for example, firefox in linux on Win10 with success..
-
lopati: roaming wrote:
sudo is only for children and below* (* - people that really should just stay on windows)
What a mixed message. The Linux graybeards all tell you to *always* run as a limited user and you're a fool if you ever login as root. Or am I misinterpreting your answer here?
yeah I'm more old fashioned, just start a [x]term, su, do the job, ^D out. (how many times are there a few instructions to get done? less work for my old fingers doing sudo ..., sudo ..., sudo ...) but also occasionally I'm on non-linux machine - sudo doesn't always exist and probably most likely "muscle memory" effect - more used to that way [without thinking too much].
-
Weird discussion in case of Win10. I use linux subsystem for linux within it. You can choose some linux distributions from windows store. I use, for example, firefox in linux on Win10 with success..
I'm glad you acknowledged that, I was about to, when to my surprise the last comment finally did. I was also going to point out that there was an awful lot of discussion about other OSes when clearly the OP just wanted to complain about Windows. But then again, there's plenty of discussion here when someone just asks a question that can be answered "yes" or "no."
-
Nathan Minier wrote:
if you install a graphical UI on a system that runs production-critical tasks, you're doing it wrong.
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Nathan Minier wrote:
If you don't want to UI to have those permissions....remove those permissions. It's not terribly hard, and it's generally not an oversight.
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
dandy72 wrote:
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Wow. No, I said if you're using a UI for production critical tasks you're doing it wrong.
dandy72 wrote:
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
Yes, just like Windows does.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor
-
dandy72 wrote:
I take it most Linux distributions aren't intended to run production-critical tasks, then. I'll have to remember that argument.
Wow. No, I said if you're using a UI for production critical tasks you're doing it wrong.
dandy72 wrote:
What you're saying is that most Linux distribution creators choose to ship in a "convenience over security" state.
Yes, just like Windows does.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor
Nathan Minier wrote:
Wow. No, I said if you're using a UI for production critical tasks you're doing it wrong.
...and thus, since most Linux distributions include a UI that gets installed by default, my comment stands...no? I feel like we're splitting hairs here...