
Comment Re:Frost piss (Score 1) 348

You are making it sound like you need root access for a keylogger. That's not true when input is going to X, which is true the majority of the time for all desktop users.

I keep saying this on Slashdot but should really get off my ass and do something about it. The Unix security model is totally useless in the context of a desktop machine. So is the Windows security model. Processes are not the users that run them.
PolicyKit needs to be extended to delegate not just "superuser" actions but normal actions as well, by program. It should be much like the OLPC or similarly Android - apps which are installed / run the first time should have to ask for a set of permissions they need. These permissions are to be changeable only by the user via a privileged frontend. If my desktop environment happens to start a scary .desktop file, it wouldn't matter. It wouldn't have access to my ~, to the network, or XQueryKeymap...unless it asked nicely first. If something needs to open a document outside of its dot directory it can do so via a _privileged_ file chooser - ask over DBus, and the file that the user picks will be hardlinked into the sandbox.
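The privileged file chooser described in the comment above, sketched as an added example that is not part of the original comment. `grant_file`, `sandbox_path` and the directory layout are hypothetical names; the DBus request is left out, and the path check only stands in for real confinement such as a mount namespace.

```python
import os
import stat
import tempfile

class GrantError(Exception):
    pass

def grant_file(picked_path, sandbox_dir):
    """Privileged side: hardlink the file the user picked into the sandbox."""
    st = os.lstat(picked_path)                 # lstat: never follow a symlink
    if not stat.S_ISREG(st.st_mode):
        raise GrantError("only regular files can be granted")
    if st.st_dev != os.stat(sandbox_dir).st_dev:
        raise GrantError("hard links cannot cross filesystems")
    dest = os.path.join(sandbox_dir, os.path.basename(picked_path))
    os.link(picked_path, dest, follow_symlinks=False)
    if os.lstat(dest).st_ino != st.st_ino:     # path swapped between check and link
        os.unlink(dest)
        raise GrantError("file changed during grant")
    return dest

def sandbox_path(sandbox_dir, name):
    """Stand-in for confinement: refuse any name that resolves outside the sandbox."""
    root = os.path.realpath(sandbox_dir)
    full = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, full]) != root:
        raise PermissionError(name)
    return full

def demo():
    # Constructed layout: a "home" with two files and an empty per-app sandbox.
    with tempfile.TemporaryDirectory() as base:
        home, box = os.path.join(base, "home"), os.path.join(base, "sandbox")
        os.mkdir(home)
        os.mkdir(box)
        doc, secret = os.path.join(home, "report.txt"), os.path.join(home, "id_rsa")
        for path, text in ((doc, "draft\n"), (secret, "private\n")):
            with open(path, "w") as f:
                f.write(text)
        granted = grant_file(doc, box)         # the user picked report.txt
        with open(sandbox_path(box, "report.txt"), "a") as f:
            f.write("edited\n")                # the app edits through its own link
        same_inode = os.stat(doc).st_ino == os.stat(granted).st_ino
        with open(doc) as f:
            content = f.read()
        try:
            sandbox_path(box, "../home/id_rsa")
            escaped = True
        except PermissionError:
            escaped = False
        link = os.path.join(home, "link")
        os.symlink(secret, link)               # a symlink must not be granted
        try:
            grant_file(link, box)
            symlink_granted = True
        except GrantError:
            symlink_granted = False
        return same_inode, content, escaped, symlink_granted
```

Because the grant is a second name for the same inode, it lasts until the link is removed, and an application that saves by writing a temporary file and renaming it over the link leaves the user's original file unchanged.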

Comment Outsourcing the hardware isn't the benefit (Score 1) 58

Outsourcing the hardware isn't the benefit. Amazon and friends have that end of the game.

Within some large organization - university, corp, whatever - there are typically a huge number of workstations with lots of redundant hardware that is usually sitting idle, lots of departments with varying computing needs, and some ever changing number of servers, some crusty, some doing lebenty-jillion different jobs...

It's very handy for various departments to be able to provision servers as they need. Some pool of terminal servers can be maintained, serving VPN users as well as thin clients. Physical servers can be brought up and down as needed without even dropping net connections. Maintenance doesn't mean downtime. You're paying for bandwidth and hardware just like you always did, but it's a commodity for the people that actually need to use it.

Comment Hybrid (Score 1) 1397

Servers, network printers and Linux workstations get a cute name.
All servers, printers, and workstations get a standardized boring name in addition.

Hostnames on the machines are set to standardized-cute, such as v16filer2-quark.
An A record exists for all of the standard names. A CNAME exists for all the cute ones.

The cutesie names are a big help to the people that use that particular machine frequently. They're accessible via either, but shell prompts show both (which reinforces both, over time). Hostnames are obviously what show up in automated alerts. All machines have a sticker with both, cutesie one in larger font - eventually you'll learn where thrall is but are much less likely to remember the official name.

The (good) devs usually elect to have a Linux workstation, and they get to pick their own name.

Some of the 'mascots' which have appeared on the stickers are certainly quite amusing.

Comment Perhaps (Score 2, Funny) 296

Perhaps they could hire some kind of outside contractor - with an extensive botnet and lots of spam-sending experience - at some ridiculous fee! I'm sure with significant compensation, these professionals could be convinced to spam the DoJ.

In all seriousness, all this will do is make a certain few people very very sad inside when they see just how easy it is to fool the common deskmonkey, and just how much info you can get. At best, some of those certain few people will become motivated to make it their profession...

Comment Re:Microsoft already replied (Score 1) 388

Yet another example of why the "user == app" idea is silly and dated.

The concepts seen on certain mobile phones as well as the OLPC make a lot more sense and are simple enough to understand. An app is not a user. An app is granted some subset of permissions at install time, such as network access and (drumroll please) ability to change system settings.

If you want to get really fancy, you can define perms for an app, perms for a user (such that an app can pop up a UAC prompt to gain (most) of a user's perms in addition to what it already has), and even perms for an app granted by an admin that no user actually has - only the signed Firefox binary at path X can make outgoing port 80 connections, or somesuch.

Notepad doesn't need network access. Notepad doesn't need write access to my entire home directory (especially the ability to delete files) - open/save single files with a gui prompt as 99 percent of files need to do should involve a privileged service. The MS settings apps shouldn't show a UAC prompt - but the solution is NOT to let everybody change system settings - that's just lazy.

Disclaimer: yes, I hate the unix security model even more
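The three permission sources described in the comment above (the app's install-time grants, the user's permissions reached through a prompt, and admin grants bound to one binary), worked through as an added example that is not part of the original comment. Every permission name, path and policy table is hypothetical, and a pinned SHA-256 digest stands in for the signature check the comment mentions.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical policy data, constructed for this example.
USER_PERMS = {"alice": {"home.read", "home.write", "home.delete"}}
NEVER_VIA_PROMPT = {"home.delete"}   # what a prompt withholds: "(most)" of a user's perms

FIREFOX = b"constructed stand-in for the Firefox binary"
ADMIN_GRANTS = {  # path -> (pinned digest, perms that no user holds)
    "/opt/firefox/firefox": (sha256(FIREFOX), {"net.tcp.out:80"}),
}

def effective_perms(app, user, elevated=False):
    perms = set(app["manifest"])                       # granted at install time
    if elevated:                                       # user approved a prompt
        perms |= USER_PERMS.get(user, set()) - NEVER_VIA_PROMPT
    pinned = ADMIN_GRANTS.get(app["path"])
    if pinned and pinned[0] == sha256(app["binary"]):  # identity = path + content
        perms |= pinned[1]
    return perms

def allowed(app, user, perm, elevated=False):
    return perm in effective_perms(app, user, elevated)

NOTEPAD = {"path": "/usr/bin/notepad", "manifest": {"file.chooser"},
           "binary": b"constructed notepad binary"}
BROWSER = {"path": "/opt/firefox/firefox", "manifest": {"file.chooser"},
           "binary": FIREFOX}
# Same path, modified content: the admin grant must not follow it.
TAMPERED = dict(BROWSER, binary=FIREFOX + b"patched")
```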

Comment Re:Temporary measure (Score 1) 869

Ubuntu breaks a LOT in every release it seems.

I made the mistake of installing Intrepid on my laptop after using Hardy on my desktop since it was released. As a wonderful side effect of keeping lock-step with Gnome, Intrepid lost session management. My Hardy desktop will gladly restart all of my apps on login, but Intrepid will give you a blank slate every time regardless of your "Remember session" setting. It's STILL not fixed this many months after release, even though it has worked since the 1.x days.

Comment Firewire (Score 1) 260

Cold boot attacks on laptops are interesting and all, but me, I'd just use the firewire port.

It is applicable on a smaller number of laptops, but you also have write access and the machine continues running (less suspicious). Somewhere (perhaps in my link, can't remember) I saw a nifty python script that patches winlogon to allow unlock by entering an incorrect password. If you're an exceptionally slick bastard, you might squeeze a keylogger/downloader/etc into some dark corner of RAM and hijack some unlucky thread. On Windows machines, who knows, maybe we'll see a convenient hardware dongle to assrape the DRM path while it's looking the other way...

Don't even have to move the laptop somewhere secluded to rip it apart. Just plug in your 'music player.'
