Michael Robertson Says Root is Safe
Kez writes "HEXUS.net caught up with Michael Robertson, CEO of Linspire, at the UK launch of Linspire 5. Their interview with Mr. Robertson covers everything from hardware support to software patents, but a comment from Mr. Robertson on using root is perhaps the most interesting: "I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer. They say 'oh, yeah, it is!', but it really isn't." I would imagine a few Slashdotters would dispute that."
Okay now... (Score:5, Insightful)
I know Slashdot attempts to soundbite things just like any other modern news media, so I'll quote:
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
MySQL, for instance, runs as a separate user. If I so desired, I could limit the login / password for my MySQL account to only allow row INSERTs and SELECTs, but no DELETEs or DROPs. If someone were to break into my account, they could see my data, but at least they couldn't delete from the table. As root, they could stop and start the actual service, and wipe out the whole directory for that matter.
I generally see what he's saying about data being king. But if your data is that important, you'll have other safeguards for protecting it, typically via (dun dun dun), user management! For instance, keep your accounting files under a different user, home directory chmodded to 700. Stuff like that.
Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit.
Cars happen to have seat belts. Roads also have speed limits, so this analogy is flawed.
The best way for Linux to break into the market isn't to emulate windows entirely. The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer. After all, look at Firefox. Firefox didn't choose to adopt ActiveX, or adopt Microsoft's proprietary style transitions, or render CSS in the same broken way, right? Neither should Linux, or in this case, Linspire.
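The MySQL account restriction described in the comment above, written out as an added example that is not part of the original post. The database, table and account names and the passwords are constructed placeholders.

```sql
-- Added example. Constructed names: database shop_demo, table orders,
-- accounts app_admin and app_writer. Passwords are placeholders.

-- Session 1: run as a MySQL administrative account.
CREATE DATABASE IF NOT EXISTS shop_demo;
CREATE TABLE IF NOT EXISTS shop_demo.orders (
    id          INT AUTO_INCREMENT PRIMARY KEY,
    customer    VARCHAR(64) NOT NULL,
    total_cents INT NOT NULL,
    created_at  TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Weak setting: the application account can do anything to the schema,
-- so a stolen login can DELETE rows or DROP the table.
CREATE USER 'app_admin'@'localhost' IDENTIFIED BY 'placeholder-password-1';
GRANT ALL PRIVILEGES ON shop_demo.* TO 'app_admin'@'localhost';

-- Restricted setting: only the two privileges the comment names,
-- scoped to the one table the application uses.
CREATE USER 'app_writer'@'localhost' IDENTIFIED BY 'placeholder-password-2';
GRANT SELECT, INSERT ON shop_demo.orders TO 'app_writer'@'localhost';

-- Check what was actually granted: USAGE on *.* plus
-- SELECT, INSERT on shop_demo.orders, and nothing else.
SHOW GRANTS FOR 'app_writer'@'localhost';

-- Session 2: reconnect as app_writer and run the statements below.
INSERT INTO shop_demo.orders (customer, total_cents)
VALUES ('constructed-customer', 1999);                    -- allowed
SELECT id, customer, total_cents FROM shop_demo.orders;   -- allowed: data is still readable

-- Each of these is refused with error 1142 (command denied to user):
DELETE FROM shop_demo.orders WHERE id = 1;
UPDATE shop_demo.orders SET total_cents = 0 WHERE id = 1;
DROP TABLE shop_demo.orders;

-- These grants only bind connections made through the MySQL server.
-- An operating-system account that can stop the service or write to the
-- data directory bypasses them, which is the root case the comment raises.
```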
Mr. Lindows is just stirring shit as usual... (Score:5, Insightful)
Technically it's gaining control over your system without you knowing it and running exploitable programs as root makes that easier. If the hackers get access to your libraries, programs, etc, they can do far more damage to you by sniffing your data w/o your knowledge. Hackers aren't going to just steal your data and run. If they can gain easy access to the system they are going to modify it and snoop everything and keep getting what they came for.
Michael: Then you could say "Well, it's not really about your data, it's that people could accidentally mess things up!". Well, you could accidentally drive into a wall as well, it doesn't mean we should make all cars drive at 10 miles an hour. So, I don't see the added benefit. I DO see it's an added pain in the ass when grandma tries to change her wallpaper, and it tells her "you don't have root privileges". What are you talking about, man? I'm just trying to use my computer, or change the clock, or any one of a hundred other things. So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
I am in no way a master of Linux/UNIX and I never claimed to be but even I know that if you are exploited while running something as root more damage can be done to a lot more services, files, etc, than if you were just running it as a user. It's not theoretical. It's fucking very real and it's idiots like this guy that make it easier and easier for more zombie boxes to get out there. Look at Windows... Yeah, no, we don't need Linux to end up like that too.
I want to know who the hell this guy is talking to that don't give him a valid argument. I have a feeling they are and he isn't listening.
Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have.
It shouldn't even be a choice. Prompt for a password (like OS X) when something that needs root privileges runs. If it has succeeded with the Mac then it can with Linspire users too. If you are so concerned about making the users have a positive Linux experience rewrite the dialog boxes when they ask for "root privileges" so that they are human readable. Don't just eliminate it and say that there's no valid reason not to. Taking the easy way out doesn't solve the problem.
Since when is Michael Robertson a trusted source? He's an asshole that's just into pushing the envelope and making waves (remember Lindows and MP3.com?) Right now he's doing exactly the same thing. "See, those Linux users are trying to make it hard for the layperson to use "their" OS and I'm trying to make it easy. Listen to me! I'm trustworthy!"
Full article link and observations on root (Score:5, Insightful)
Not running as root works like this. Your data is no more inherently safe than it is when you /are/ running as root, but nobody ELSE'S data will fall prey to your screwup, nor will the central integrity of the system. (For granny, this means that grandson Billy can ssh in, recover this morning's backups from the write-once partition, and she can keep going, having lost minimal data.)
Running as root is like pointing a loaded gun at everyone just in case they're a criminal.
Not running as root is like fastening your seat belt. Sure, you're not intending to get in an accident...
Running as root is like driving down the highway with your hood open and your oil cap off.
Not running as root is like locking your door when you leave.
Running as root is like posting to slashdot without reading TFA. :)
Wow (Score:4, Insightful)
C'mon... How fucking retarded can you be?
He does _almost_ make a good argument for his case though...
Here's why: What's the most important thing on your desktop? It's the data. If someone gets access to your libraries or whatever, who cares? Your data is the most precious thing on your computer. And whether you log in as root or log in as user, you have access to that data, technically anyone who's compromising your account has access to your data as well.
That statement does have some merit but it definitely isn't always true and even then, I would much rather compromise only my data than have someone gain access to the entire system. If they only get my data, that's all they get. If they gain access to the entire system there is no limit to what they can do... What if they want to setup a very well hidden rootkit and snoop around on my box (watching traffic, capture credit cards, etc. etc.) for as long as possible? Not to mention multi-user systems... A compromised super user gives them full access to EVERYONE's stuff.
And of course, after he says something nearly sensible he goes on to completely shoot himself in the foot by making another completely ridiculous challenge...
So, people always say "it's less secure", but I defy anyone to point out a single instance, and people all go "Well, I, erm, it's theoretical!". There's no one area I think you can point out - In this instance, a machine that's run with the root user could be compromised, in this instance one couldn't be compromised.
What world does this guy live in? Is he completely surrounded by idiots? Remind me never to go anywhere near Linspire.
Agreed (Score:2, Insightful)
This is a sign of the real problem... (Score:5, Insightful)
While we all want to start lambasting him for his obvious lack of understanding of the obvious, I think it is actually endemic of the real problem.
People do not understand anything about computer security.
They do not understand how to limit exposure.
They do not understand the vectors of software virus infection.
They do not understand the true problems of viral infection (that is: they want to eliminate the side effects, but do not care about the primary problem).
Mocking people for being clueless does not actually make them smarter, nor does it impress them with your 31337 Haxor Skillz.
Meet my 3-year-old, Mr. Robertson. (Score:5, Insightful)
challenge accepted (Score:3, Insightful)
chmod 777 -R
amongst a high seas of other things that make running as root unsane on the "woops scale"
as to be in danger from a remote source, well if you make a connection an open connection to someone you don't know when you root then
Re:Mr. Lindows is just stirring shit as usual... (Score:2, Insightful)
Correct me if I'm wrong, but I don't remember ever requiring root access to change your desktop wallpaper.
Ignorance (Score:5, Insightful)
500,000 windows zombies (Score:5, Insightful)
500,000 Windows zombies should be the only answer you need.
Re:What a great question! (Score:5, Insightful)
Now take that one step further and consider a malicious virus being accidentally executed by the same user that thought Bonzi Buddy was cute. Spyware is bad, but that virus might, oh... kill all your
Now how do you feel about running as Administrator?
Re:Okay now... (Score:5, Insightful)
Even if user data is the most important thing, if you run as root on a multi user box you put every user's data at risk instead of only your own.
The other thing, and this isn't easy to do in many OS's, that would be nice is granular escalation of privilege. As you point out in your SQL example, if you need someone to do inserts you shouldn't have to allow them to delete.
Absolutely brimming over with wrongability (Score:3, Insightful)
He has a point (Score:5, Insightful)
We all know the reasons not to run anything as root unnecessarily are many, but you have to think from his perspective as well. He's picturing clueless linux desktop users, using a shrinkwrapped distro at home for personal use. If they were to only log in as a user rather than root, what does it buy them? Whoever gets them to run malicious code by exploiting them or their software will still get access to all of their data, since it was all stored as that user. And they still get access to backdoor all of the software they use, since they can screw the user's environment (PATH, LD_LIBRARY_PATH, etc).
About the only thing not running as root saves the poor nontechnical home end-user from is wiping out their hard drive, but all the data that's important to them contained therein is still destructible.
His point is in fact arguable - why bother?
I don't agree, but... (Score:2, Insightful)
a) an awful lot of home machines are either single user, or effectively single user (where everyone shares a single account)
b) all the system files are backed up on the nice, shiny install media
c) none of the user files are backed up
If you're not talking about a server or other shared/critical environment, then the only things of any real value on the machine are the user's own files. Root or not, they can toast them. Lindows, in case you hadn't noticed, is *not* aimed at servers...
Re:Okay now... (Score:5, Insightful)
He's not talking about daemons--presumably apache, mysql, etc. are still run as a separate user under Linspire, as they are in Debian. There's no reason to change that, since those users don't have usernames that people need to enter.
He's talking about the user account that's used by the real physical user of a desktop system.
In that case, no local exploit is needed--the attacker either uses sudo, or just sniffs the password the next time the user uses su (or whatever graphical equivalent pops up next time they try to upgrade some software).
For all the talk about it, I don't think I've ever actually known anyone to do the classic accidental rm -Rf / as root. Although I have heard of somewhat similar catastrophes. I doubt the typical gui/finder-like interface makes this so easy, but perhaps I'm wrong. In any case, as he points out, in the case of a single-user desktop, the most important data is in /home/joeuser. Once "joeuser" has deleted that, they're almost back to square one anyway.
--Bruce Fields
worse than windows? (Score:5, Insightful)
Re:Okay now... (Score:1, Insightful)
That's fine, but he has a point. How much actual real-world good does that do? It does plenty of theoretical good, but so does making the speed limit 10 MPH. By far the better solution is to make sure that the system is safe from remote attacks.
rm -Rf / as nonroot will make you give a sigh of relief.
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
ActiveX and a lot of spyware is contained in windows when running as non-administrator.
I don't know the first thing about spyware or Active X or Windows, so I certainly don't care. But since this isn't Windows we're talking about here, I fail to see how this is applicable.
Honestly, I feel users SHOULD learn a little bit about privileges before being handed the machine
Well, fortunately you're not making the decisions. The "users should have to learn" mentality is what keeps computers complicated and difficult to use.
The best way is to take the best of what windows has to offer, and augment it with the best of what Linux has to offer.
I think you'd have a hard time convincing anybody that things like "rm -Rf
Accidents (Score:4, Insightful)
Besides, if you have a family PC why would you want everyone messing up each other's files if they can have nice separate home directories?
Yes ... it's that bad (Score:3, Insightful)
Re:god or mere mortal (Score:2, Insightful)
Re:Okay now... (Score:3, Insightful)
Which is easier: running a program as non-root or ensuring that it has no remote vulnerabilities? And can you be as sure about the second one as you can be about the first?
Devil's advocate (Score:5, Insightful)
Keeping in mind Linspire is totally Desktop-centric, I can see why they might have a radically different view on the permissions system from most existing Linux users.
I've already read lots of lengthy posts trashing this contrarian point of view. And they have a lot of good points, as yours does, but ultimately this reads like a single-user vs. multi-user culture clash.
The fact is that on any operating system when you have a single, important user who runs malicious code, it doesn't matter much whether they're root or not, unless the machine has a security model more fine-grained and well-integrated than anything currently in wide use.
If that user can access their own files, then their own files can be destroyed. If that user can access the internet, then the compromise can also send their files over it. Or it can simply make them a spam bot. Or a relay. If that user has an address book, then its contents can be targets for viral propagation. And so on, and so forth.
Frankly, to do most things attackers want to do, "root" is unnecessary. Nothing within the unix "user management" repertoire really lets you deal effectively with this problem, and what few solutions you do have are, let's be honest, ugly, cumbersome, evil hacks.
What stops all this? A real, heretofore unknown high-level security model, that actually says "The email program can access stored email data, preferences, and can talk to the network on this port, to these hosts" and "the word processor cannot talk IRC" and so forth. This requires a rich resource model, rethinking data storage metaphors, the whole nine yards. Unix does not have this. Windows hosts only have it in the crudest and most limited form with "personal firewalls" that to some extent at least police the network activities of applications.
So for all the Unix folks, of course, this disdain for the security model is heresy, but for the desktop world (and really, servers benefit greatly from a fresh perspective as well), it's not such a bad point. Unix lacks a security model rich enough to be truly useful to everyday users, and by extension, companies like Linspire that cater to them.
The most important thing on my computer... (Score:3, Insightful)
The most valuable thing on my computer is probably the user name and password to my internet banking facility. Not that I store them on the machine but I do type them in. Maybe running as non-root does give you access to all the data in a user's home dir but it sure makes it more difficult to overwrite those libraries he's talking about with keylogging trojans that will harvest my passwords.
Re:Okay now... (Score:5, Insightful)
While this is a Windows problem, it can result in a misconception that could end up being applied to other platforms. If people are used to using administrator privileges because of programs requiring them, they might think that they'll have to do the same on Linux and other systems. Avoiding Microsoft's mistakes is one thing. Undoing its influence is another.
Re:Excellent commentary... (Score:3, Insightful)
Lack of ActiveX support actually prevented my previous company from switching to OpenOffice or Mozilla. The attitude that it's better that these two apps don't support it seriously pisses me off. If Microsoft can't get away with being arrogant, then the OSS Community can't either.
Re:Okay now... (Score:5, Insightful)
Automobiles are much less complicated, but we don't try to hide that complexity; we assume that people must be trained in their proper use. Why not computers?
Re:Excellent commentary... (Score:5, Insightful)
Re:Okay now... (Score:5, Insightful)
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
How is this a design flaw? If you ask me, it is the command-line's greatest strength. You tell it to do something and it does it. If you wanted to be safe and have it confirm your request before it does each and every action you shouldn't specify the 'force' option. This is a GOOD THING!
You're MISSING THE POINT! (Score:3, Insightful)
1) The end user of Linspire is most probably a windows user trying to switch to something cheaper. The odds of Linspire being heavily used in a multiuser environment are bleak at best.
2) He makes a valid point, the most valuable information on your computer are things stored in your home directory. Credit card information, social security, emails, etc. Guess what . . . `rm -rf` will eliminate all of that even if you aren't root. Who cares if you accidentally wipe an X library, a reinstall will fix that, it won't get back your emails and resumes.
3) Everyone's argument for the flaw of running as root seems to stem from services running as root, which is something the enduser of an operating system like Linspire shouldn't be expected to fix anyway, nor will most Linspire users be running apache servers and mysql servers, I'm just guessing at that.
A windows user or a linux newbie doesn't want to remember several account passwords just to change the IP address of their computer, or to reboot, or mount an external hard drive, or start Samba, etc. They want to know that they have permission to do those things out of the box. That's how windows is set up, that's what they want. Security should be handled by turning chrooted service invocation, firewalling, etc.
This isn't FreeBSD, tailor to your customers and make them happy, without them you don't have a business.
Re:Okay now... (Score:5, Insightful)
Re:Okay now... (Score:3, Insightful)
I really think the usage model is important. If you use linux like a windows user, and are constantly installing desktop applications (i.e. games, office apps, etc.), then the convenience of running as root is difficult to beat. If, on the other hand, you want to run a multi-user, commandline environment, then the separation of privileges makes quite a bit of sense. For me, the convenience of root outweighs the drawbacks of the occasional rm -rf disaster. Proper backups mitigate any real risk.
99% (Score:3, Insightful)
The reason that Robertson didn't get the answer to why not to "run as root" is twofold.
1.) He didn't want to hear the answer when it was told him.
2.) probably 99% of people who know that you shouldn't "run as root" don't know absolutely why themselves. They have a pretty good idea, but someone they respect and trust (and who is correct) told them it was stupid.
The other 1% who could have told him why, weren't consulted. Nor will they be.
It's no accident that Linspire (Lindows) is modeled after Windows, and it contains Windows' greatest fundamental security flaw.
Re:Excellent commentary... (Score:1, Insightful)
Hmm.. I misread your comment. Sorry. I'd like to replace the above statement with this one:
How can OSS use ActiveX? A better question is: How can they expect change to happen if stuff works in MS products and doesn't work in OSS software? All of your ideals go flying out the window if one can't do their basic job. You're basically handing Microsoft a good reason to continue being their customer, not the other way around.
Make all the excuses you want, at the end of the day what matters is if the product does what it needs to or not. That's why my previous company uses Office and not OpenOffice. You can tell them they're wrong all day and all night, but they'll reply with "I don't give a shit, I can't control my need for AX."
Re:Excellent commentary... (Score:3, Insightful)
BTW, you REALLY don't understand what ActiveX is. Heh. Non-MS products can open ActiveX plugins.
No, you don't understand.
It's still a proprietary MS extension even if you can add it to non-MS products.
Oh and you can't add it to Linux products.
- Stian
Re:Okay now... (Score:1, Insightful)
It is remarkable, with comments like these, how the parent post got modded up.
Re:Excellent commentary... (Score:5, Insightful)
For the business world, admittedly, with the entrenched position of ActiveX-based systems on corporate intranets, it's perhaps a little silly and a bit of a barrier to business adoption, but for home users one of the biggest complaints about Windows is the fact their machine can be 0wned by Virtual Bouncer, CoolWebSearch, ABetterInternet and God knows how many other drive-by-installed apps and toolbars just by visiting a slightly wrong-side-of-the-tracks website.
Workaround? (Score:3, Insightful)
That sounds like a workaround to make up for a design flaw in the command-line interface to me.
No, it illustrates that some portions of the computer's storage space need to be protected. And that sometimes users do need to alter them, but not generally.
It's just as easy to take a big chunk of the Windows directory and start trashing stuff with the GUI as well. If you give users the means to manipulate persistent storage (which you do need to do because as the article says, data is king) then you also have to have some way to gently steer them away from utter disaster. Have you not heard tales of users trying to free up space on an HD deleting some crucial part of Windows? I have!
Re:He has a point (Score:2, Insightful)
Whoever gets them to run malicious code by exploiting them or their software will still get access to all of their data, since it was all stored as that user.
It's generally worse than that, in practice, because you usually have to be root in order to install most software. So unless a user is reading every line of code and compiling it locally, you just need to shift the exploit into the install program.
Now look, it's theoretically possible to make it so that nearly all programs can be installed without root privileges, but this requires pretty much a complete rewrite of the unix hierarchy. Unix wasn't designed with home systems in mind.
Standards compliance (Score:5, Insightful)
Having said that, I think a plugin that allowed you to use activeX is a cool idea. I just don't think that tying the browser down to any one platform is a great idea. If you're particularly keen to produce an ActiveX version, go fork the codebase.
Re:Okay now... (Score:2, Insightful)
Security is about layers!
Re:Okay now... (Score:3, Insightful)
You are no longer talking about scenarios within the realm of the typical end-user desktop and, thus, are talking about a completely different target market to Linspire's.
You also talk about not being able to do any "damage" as a non-root user. That's right - except to your data, the most important data on 99% of machines.
You have completely missed the point. Thanks for playing.
It goes to more than multiuser (Score:3, Insightful)
Not everyone takes proper advantage of the root privilege separation. Popping up dialog boxes asking you to enter your root password, for example, was a terrible design decision on the part of most distros. And sudo is almost always misused. But properly done, root privsep is your only way you can reasonably know you're running a clean system.
Re:Okay now... (Score:5, Insightful)
1) A lot of programs where this happens can be fixed by adjusting configuration, or copying registry keys rather than giving the user full Admin rights.
2) Developers who write software that absolutely requires Administrative rights for common use, and the program is not designed to alter fundamental hardware or OS configuration (such as a registry editor or a graphics driver tweak utility) are incompetent and should be killed.
Re:Okay now... (Score:4, Insightful)
In my shop, administrative rights are strictly limited, and so I see this effect also. There is some Kodak camera-handling software that complains if you run it without administrative rights (though it seems to work just fine) and a weather display application that fails like Citrix Client unless it is run as an administrator. I am sure there are other examples.
My answer to this class of problems is to declare the software not working, and suggest that the user ask the vendor for a version that will run without administrator privileges. I have yet to see a software vendor respond positively to this request, but in the long run I think it is the only solution. I am not willing to give my users administrator privileges so they can run some poorly-written application!
John Sauter (J_Sauter@Empire.Net)
Re:Okay now... (Score:5, Insightful)
See NeXTSTEP and MacOS X. Users were not root. Users seem to be getting along just fine. Login optional.
No good rebuttals yet... (Score:2, Insightful)
This problem can easily be solved by making all non-critical configuration tasks (e.g. setting the date) run using sudo behind the scenes. Changing the date as a non-root user shouldn't require a root password (unless you're real paranoid about bugs in your date setting code allowing crackers to exploit date-triggered viruses, or something...)
As for requiring a password, the only real solution is biometric, and that will be a while in coming. But most grannies aren't going to be changing hardware settings unless they are comfortable entering passwords. And if they aren't, they shouldn't be changing hardware settings anyway...
Re:Okay now... (Score:2, Insightful)
The User Interface on my Microwave Oven has never crashed. Nor has my alarm clock, or stereo. My digital answering machine works every time. The ATM at the bank has a really ugly UI, but it seems to me that it has always just plain worked.
Oh wait, you didn't know that those were all computers? Sorry, I guess I have been working in embedded systems for too long....
Oh yeah, Windows does some ugly things at odd times that I just cannot understand. Linux does some really ugly things sometimes too, but I have the source code, so I can fix it. Ummm, no thanks, I spend all day writing code. For example, why do the printer drivers for my Laserjet IID stink so bad under Linux? Windows drives the thing beautifully. I solved that by upgrading to a 4M+ with lots-o-memory and a PS cartridge, but it still doesn't excuse the stinky printer support in Linux.
Both are a pain in the butt to install and use. And hey, shut up, I have spent the last 20 years in Unix lala land. System 7, System V.2, V.4, HPUX, SunOS 4.x, Solaris, Linux, FreeBSD, NetBSD, and QNX.
This isn't intended to be a Flame, just my general observation. The products that I have developed were certainly smaller than either Linux or Windows (only 20KNCSL to 80KNCSL for my part of each 'thing') but the final products were stable, and pretty easy to use.
I think the closest you get in the general computer world to having a complex system with an easy to use, easy to learn UI would be games. If gaming systems are so easy to use, why is the 'desktop' so stinking hard?
Grow up. Get your head out of your pants. Use your system once while trying to pretend not to know anything. You'll soon see what a mess it is.....
Re:Okay now... (Score:1, Insightful)
In one way I agree with the otherwise brain-dead parent post: the proper way to focus computer interface design these days is maximizing its ability to adapt to a spectrum of user sophistication and experience, native intelligence, and taste. I'm old enough to remember being charged $1000/hour for CPU time (1980s dollars, so multiply accordingly for 2005 dollars). Under those circumstances obviously you minimize the fussing you do with the computer, and you expect people to get trained before they use it. The cost of human time spent training is nothing compared to computer time that might be wasted if humans are untrained.
But those days are gone. In any modern firm, human time is fantastically more expensive than computer time, which has become dirt cheap. It's even generally -- sorry slashdotters -- lots cheaper than programmer time, when you are talking upper management and the programming can probably be outsourced to Bangladesh anyway.
It just makes very little sense to be sending $150/hour people to take yearly training seminars when you can spend the equivalent of an extra $2/hour in salary for them making sure their computing technology adapts itself to their every quirk and whim.
Think of it this way: the CEO of a big multinational needs to communicate with important folks in many other countries. But he doesn't invest 3-4 years becoming proficient in each language he might have occasion to use. That's a crazy waste of his time. Instead the company hires a few top-notch translators, permanently or on a contract basis, and they plug them in as needed. It should be the same way with ubiquitous computing technology. The power of the hardware and the cleverness in the software should be making sure the computing resources adapt themselves to the peculiarities of their human operators. That's the route to maximizing efficiency in the system.
Re:Okay now... (Score:3, Insightful)
I didn't know just how important
The thing is, unless you have your shell prompt display the full path you're in or do a "pwd" before every delete, UNIX's dir naming traditions make it easy to mistake top-level dirs for some subdirectories. For example, a lot of programs will have their own 'bin' or 'lib' directories, some of the top-level dirs are repeated in
Re:Excellent commentary... (Score:2, Insightful)
Except that it cannot completely be an alternative to IE because IE supports something that FireFox doesn't.
I believe that is the point that other dude was trying to make, but everybody's busy telling him he's wrong.
Re:Okay now... (Score:5, Insightful)
I would think that it would take some serious hacking to allow apt to install software into your own home directory but it would probably be a worthwhile effort.
He's got it backwards (Score:2, Insightful)
The solution here isn't in dumbing things down. It's in giving a 1 minute presentation about the *nix security philosophy during the first login. I would think that most people, and ESPECIALLY newbies, would get behind that type of security if this guy would take 30 seconds to explain what it is and why it HELPS them instead of just portraying it as a nuisance. In many ways, logging in as a user really does give you a freedom to explore and learn pretty risk free. People know that there are ways to break their computers. Telling them to go ahead and press any button you want to; if it's a button that will do something serious, it will make you enter a password would probably be attractive to most people learning an unfamiliar OS for the first time.
Re:Excellent commentary... (Score:5, Insightful)
(1) It does not work cross-platform. Both Firefox and OpenOffice work on platforms other than Windows. Both platforms keep this compatibility by not introducing technology that could possibly limit this capability.
(2) It is proprietary. You may be confused on what this means. Basically, the technology is owned by Microsoft. This very same reason is why PNG exists despite the existence of GIFs. GIF technology was proprietary and, thus, could not be placed into a product that had an open source license (Linux).
(3) Firefox has no need for ActiveX since it has, in my opinion, a better technology with XPCOM. OpenOffice, if I remember, can be extended with Java plugins. Java has built-in security unlike ActiveX. Both XPCOM and Java are cross-platform which goes back to my point #1.
(4) Active X is not very secure. You will hear this time and time again. Microsoft even knows this and turned them off by default in SP2!
Make all the excuses you want, at the end of the day what matters is if the product does what it needs to or not.
As stated in point #3 above both Firefox and OpenOffice support technologies that give them quite a bit of power to get any job done.
I have a pretty good memory and I remember correcting you on these issues before:
http://slashdot.org/comments.pl?sid=144131&thre
Before you go spouting about some guy who would have no job if it weren't for ActiveX or some other nonsense drivel, answer this:
What does ActiveX do that XPCOM and Java are incapable of performing?
If you are not able to answer that question, you have no base to stand on.
Re:Excellent commentary... (Score:5, Insightful)
Fine. But FireFox (and others, such as Mac's Safari) support something highly worthwhile that IE most definitely does not. Namely, a reasonably safe and secure browsing experience.
Some markets will opt for security and safety, using technologies that are (compared to active x) much (duh) safer and more secure.
Others will continue to endure spyware, viri, adware and various trojans and other invasive garbage. Those are "IE features" FireFox doesn't want to offer. Or let me put it this way -- they are "features" that this FF user doesn't want to be "given", because they are inevitably prefaced with the command "bend over."
I truly think that to impress ActiveX upon FireFox would be just about the worst thing the FF developers could do. FireFox provides a better experience. That's why it's doing so amazingly well. Put ActiveX in there, and that experience is going to begin to degrade. It may go as far as to be as risky to surf with FF as it is to surf with IE.
Does anyone really want that, other than the companies who have embraced and extended Microsoft's Active-X? Is there anything truly significant you can do with Active-X that you cannot also do with Java?
Sure... you pick a technology that is proprietary to one browser, that browser starts to lose favor with the user community, and definitely, you will have work to do. Time to start studying Java. It's not time for the junk technology to be imported into FF to extend the EOL of some Active-X product.
Java was designed to be secure. It's been remarkably successful at it, too.
Re:Perfect Example (Score:2, Insightful)
Re:Standards compliance (Score:3, Insightful)
You can argue that Active-X is not open, but you can't argue that it's not a standard - in fact, it's the prevailing standard. Adding Active-X support would not tie a browser down to one platform, it would just limit that functionality to one platform. That's what plugins are for.
Clearly, some people value Geek cred over broader adoptability, which is a shame.
Re:Okay now... (Score:5, Insightful)
But if I want to visit some illicit web site, and I don't trust that my cookie files won't be sought out by some clever Ajax tricks (hey, it's new, we can fear it), I at least launch a different one of the dozens of installed browsers, or if I'm really paranoid, I log in as the dummy user. (again takes half a second from a terminal window). With the exception of X-atom-based consolidation of browsers, so long as I run a different base application (epiphany, mozilla, firefox, galeon, etc), I can have two different users displaying graphics on the X-session.
Again, I know.. power-user stuff.. But you could have (as I've pushed for in other posts) applications on the task bar launching applications of different users.. Especially if you're the distribution writer.. And ESPECIALLY if you're a single-user-signon distribution.
Re:Excellent commentary... (Score:5, Insightful)
Fine.
However, the next implication is that it can be turned on. This is not fine. Why? Because it is dangerous. The average user does not comprehend that it is dangerous. Like the argument here that one should not run as root (which I agree with for most people in most situations) the idea is that if you're not smart enough to handle a tool, you should not be handed that tool.
It's not arrogance to say that it is not a happy worldview to see people's computers being trashed by junkware let in by badly designed software -- Active-X -- it simply isn't a good thing. You can't make it a good thing.
Now, if a company has invested time in developing for this proprietary (but very dangerous) technology, and the marketplace leaves them behind, as it is showing definite signs of doing, then if that company wants to survive, it needs to lose the dangerous technology, get with the program, and use the safe technology. That's called evolutionary pressure. I'm part of that pressure. I don't use IE. If you use IE-specific technologies on your site, you've lost me (and at least 10% of the rest of the world, and more every day.) Now, you can only ignore this for so long before you (a) solve the problem by losing the junkware, or (b) are driven from the business space by competitors who are able to recognize and resolve the problem.
From a user perspective, I'm just one guy. I won't use IE.
From an applications standpoint, I own several companies and we don't use Active-X (or Java, for that matter) as a matter of course. We do server-side apps, because (a) we have total control over them and (b) because all users, that's 100% of them, can use our apps. We give up some glitz, certainly, but we've never, ever had to give up anything important.
So my outlook does have some effect. If Active-X were to go away, it wouldn't touch me at all, other than to make the web more accessible to me and perhaps give my competitors a more stable place to stand. Do I worry about the people who invested in Active-X? No. And, really -- why should I?
Arrogant? No. I'm entitled to my opinion, just as you are entitled to yours. As for putting any thought into it, apparently you didn't notice my sig. This isn't an issue I just picked up on this afternoon. I have indeed thought about it, and this is where I ended up.
Re:Excellent commentary... (Score:5, Insightful)
PNG was developed not because it was impossible to put GIF support in Linux, but because it was feared that Compuserve (which discovered it held a patent on one of the processes used in GIF compression / decompression) would abuse its power on all platforms. In the early days, they talked about levying a fee on all clients, users... anything that interacted with GIFs. At which point development of PNG began. I believe CompuServe finally settled on the less unreasonable 5c per paid application that can encode GIFs, with no fee for decoders. That fee is no longer with us, as the patent has expired.
On the other hand, PNG has surpassed GIFs by adding alpha layer transparency... in other words, you can have certain pixels that are 100% opaque, or 10%, or 55% solid, or whatever. This would make working with images on the WWW so much easier, if MS would just bloody well implement proper PNG support like they promised as a feature for I.E. 4.
What does ActiveX do that XPCOM and Java are incapable of performing?
Install very convenient password management apps, automatically, like Gator.
Re:Excellent commentary... (Score:4, Insightful)
With ActiveX, you're using IE as a custom client UI for your apps, not as a web browser. Why should other web browsers turn themselves into a general-purpose Win32 UI platform? That's not their focus.
What would be wrong with just staying with IE for your Win32 application? You can still keep it around just as a container for your custom-coded UI clients. If you want to actually *browse* the world-wide-web instead of running little Win32 applications, nothing's stopping you from using other more modern browsers.
Re:Perfect Example (Score:3, Insightful)
I've never seen a linux distro that even *had* CWD in $PATH.
But hey, maybe you like going around trying to run "./ls"
Finally, PATH is searched in order. So
Re:Excellent commentary... (Score:5, Insightful)
I think the correct answer is marketing. The gecko browsers are packed full of some really cool toys for developers. But it's very very hard to sort through it all. Every so often I start playing with various features common to Mozillaish browsers like XPI, XSLT, and Javascript. It always strikes me how much potential there is to make some very cool applications using these. One pet project of mine is to see if I could create a set of XSLT documents that would transform glade projects into XUL applications, which could be themed via css.
It's coming along pretty well, but I find it very difficult to wade through the developer documentation. XULplanet [xulplanet.com] is a great resource, and there's a few others like the DOM ref [mozilla.org] on moz.org, but it seems pretty scattered, and sometimes outdated, and sometimes it just completely disappears like DevEdge [netscape.com] (which there was some talk about being resurrected). In some cases, the only reliable documentation is the moz source [mozilla.org] itself, which is very hard to navigate without a fair bit of research.
I've never done anything with ActiveX at all, or dealt with Microsoft APIs very often at all, but I've seen their documentation [microsoft.com], and it seems like it's quite a bit more focused, and easy to find things.
Having had to go looking for documentation myself, I think I can see why companies would be reluctant to use Mozilla technologies in house. Is there anybody at the Mozilla foundation that deals strictly with promoting moz as a developer platform, rather than focusing on the browser itself?
He's right (Score:3, Insightful)
What would be nice is if someone would actually fix the Unix/Linux security model one of these decades.
I'm sure a lot of Unix old hands (perhaps complete with beards!) will dismiss what I'm saying as rubbish, but I also believe that just being an old Unixer doesn't give anyone any special understanding of security. The way to get a special understanding of security is to think about, and understand, some theory ideas like least-privilege, capabilities, compartmentalization, that kind of thing. All those are foreign to the traditional Unix world, which is based on users and permissions. The users-and-permissions model is the ROT-13 of security models.
Re:Excellent commentary... (Score:3, Insightful)
ActiveX runs things that were previously designed to run via ActiveX. The question is akin to "Why use windows over linux?" There are many ActiveX controls already written that cannot or will not be rewritten that people depend on, and unless someone takes the time and money to make clones for the controls, people will continue using the platforms that the controls tie them to.
There are good reasons for people to replace ActiveX with something else, but there are also good reasons for users to continue using the programs that support their controls. Inertia is a powerful thing.
Good point, but there were alternatives (Score:1, Insightful)
Re:unix is multi-user (Score:3, Insightful)
Never assume that because you're the only one to use your machine today, that you're not going to let someone else use your machine tomorrow.
Re:Mr. Lindows is just stirring shit as usual... (Score:2, Insightful)
But the point is, if the user interface to the system is well designed, they don't have to know anything about root, suid bits and quotas. They can have a machine that is both more usable and more secure, and it is the job of companies such as Linspire to give it to them. Instead, Robertson is saying: we can't be bothered about this, our user interface is a piece of crap, so we will simply let everybody run as root and forget about it. That's exactly what Microsoft did, and that's exactly the reason there is now so much spyware and other crap.
Re:Okay now... (Score:3, Insightful)
Basically, yeah. Because you see, searching is the best way to find things. It's the best way we have. We don't know of a better way. If you think of one, great, I hope you become fabulously rich. But right now, searching is the acme of human accomplishment when it comes to finding things.
See, the computer is there to keep track of relationships for you. That's its job. It's not just a storage device. It's a device that's capable of storing and retrieving things. If you want information related to scuba diving, you shouldn't have to go looking with lots of clicky-clicky-clicky. You should be able to just ask for it. That's why we have computers instead of, say, shoeboxes full of paper.
Is 30+ years of computer science a design flaw?
It is when that 30+ years of work leads to something that's since been supplanted. It took us thousands of years to come up with Aristotle's theory of nested crystal spheres, but it was still wrong.
My entire point was that different != better when it comes to user interfaces.
And my point is that better is better. You're talking in meaningless and nonsensical abstractions. I'm talking about an actual computer program.
Replacing file-trees with search and removing the ability to keep file-trees
Who said anything about removing anything? Of course, if somebody did do that, it would not be worse. Have you looked at a database lately? Databases preserve relationships between entities in a way that's totally opaque to the user. You get to the data by going through a semantic interface. This is superior for managing large volumes of data. In fact, it's superior for managing small volumes of data, too. It's just that the activation energy used to be so high that it wasn't worth creating a relational database to store, say, your e-mail, chat transcripts, contact information and calendar entries. Spotlight reduces this activation energy to zero, meaning you can create that relational database with no investment at all. Just plug in the data as you normally would, and Spotlight handles building the relationship models for you.
Example: Just a few hours ago, I got an iChat from a person whose name I recognized, but I drew a complete blank on who he was. I spotlighted his name and instantly found an e-mail that he'd sent me two years ago. As soon as I saw it I knew exactly who he was; I just needed to be reminded. At the same time, I saw that he was on the attendees list for an interdepartmental meeting that's scheduled for April 28. It was in my calendar, you see.
See what I mean? The computer goes from being a big shoebox full of paper to a machine that actually knows things and that can answer questions. This is good. This is important.
Again: You're talking in meaningless abstractions. I'm telling you about an actual, working, shipping product. Not maybe-someday, but today, tonight, right now. (Well, right now for us. Ten days from now for everybody else.)
first time I sat down at an OS-X workstation I couldn't even find the web-browser let alone documents.
Hm. I'm having a hard time coming up with an explanation for this that doesn't involve massive, almost comical stupidity on your part. Maybe I should refrain from jumping to conclusions
I found in particular your question from two comments ago to be freaking hilarious in light of what you said about not having much use for Mac OS X. You asked, "Why can't I just grab the contents of my 'programs' directory and move it to a new machine?" If you'd spent ten minutes using a Mac instead of complaining that the Dock is, to use your word, "ugly," you'd know that that's precisely how things work on the Mac. Applications are self-contained little packages that can be run from anywhere and simply dragged from one computer to another.
That cracked me up.
Re:Root, Shmoot (Score:2, Insightful)
You're like someone in the 1980s complaining about not being able to have unprotected anonymous sex anymore. Times have changed.
Re:Okay now... (Score:2, Insightful)
"In that case, no local exploit is needed--the attacker either uses sudo, or just sniffs the password the next time the user uses su..."
Unless the user has . in his/her PATH the attacker will not be able to "replace" any programs like the sh. The attacker cannot log keyboard strokes or sniff the tty without root privileges. Hence if your system is set up in a good manner the attacker cannot just get the root password.
Unfortunately most users can be tricked into writing their own password and most systems like Ubuntu and MacOS have sudo ALL as default.
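An added example, not part of the comment above or of any project it names: a shell check for the condition two comments in this thread raise, a PATH that includes the current directory. It goes slightly beyond that case by also flagging relative entries and directories the invoking account can write to; the function names and the output format are this example's own.

```shell
#!/bin/sh
# Added example: report PATH entries that let a file in the current or a
# user-writable directory be picked up instead of the system binary.

# classify_path_entry ENTRY -> prints "cwd", "relative" or "absolute"
classify_path_entry() {
    case "$1" in
        ""|".") echo cwd ;;       # an empty entry means the current directory, like "."
        /*)     echo absolute ;;
        *)      echo relative ;;  # e.g. "bin" or "../tools": resolved against the cwd
    esac
}

# audit_path PATHSTRING -> prints one "position:kind:entry" line per risky entry.
# PATH is searched in order, so a low position on a flagged entry matters most.
audit_path() {
    position=0
    # Append ":" so that a trailing empty entry survives the splitting below.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ":"
        rest=${rest#*:}     # text after the first ":"
        position=$((position + 1))
        kind=$(classify_path_entry "$entry")
        if [ "$kind" != absolute ]; then
            echo "${position}:${kind}:${entry}"
        elif [ -d "$entry" ] && [ -w "$entry" ]; then
            # Run this as the ordinary account: for root, -w is true for
            # almost every directory and the result says nothing useful.
            echo "${position}:writable:${entry}"
        fi
    done
}

# Audit the PATH of the shell this script runs in.
audit_path "$PATH"
```

No output means every entry is an absolute directory the invoking account cannot write to.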
Some of you are missing the point (Score:3, Insightful)
Some would say that this doesn't matter if you are a home user but even home users should (and often do) have different users for the different family members.
If the 13 year old kid downloads lots of 31337 warez and gets a worm thrown in with it, this shouldn't affect dad's documents, budget, tax stuff and credit card information.
If you run each account as root, this is bound to happen sooner or later.
The Right Thing [tm] to do is to make it easier for home users to live with security, rather than just remove security. OS X manages this decently, why can't Linspire?
Re:He's right (Score:2, Insightful)
stop bitching and help us all. enlighten us with your wealth of wisdom: put it in code.
Ignorance. Sheer ignorance. (Score:3, Insightful)
Nowadays, many malware authors don't actually care much about any data that's stored on disk. It's the data you enter every day, often without realizing it, that's really interesting. What sites you visit, what ads you respond to, and such: these can be gleaned from history files with some success, but by the time you get that data it's already out of date. Getting it in realtime is better, and this is what spyware does.
Even this, however, is not the only reason malware exists. Very often, what malware authors want isn't even your data; they want your computer itself. That's what zombie networks are, essentially. This allows The Bad Guys (be they crackers, spammers, or whatever) to make use of your machine to perform their nefarious activities, and the hell of it is that they can do it in ways that make it look like you're the culprit.
Of course, even this doesn't cover everything. Adware doesn't usually bother to collect data (though it can), and often doesn't act as a zombie: it's just there to shove even more ads in your face. Yes, this is more annoying than destructive, but it's still malicious.
The point of all this: Data may be king, but a king is nothing without his court. That's the problem with this man: he's too ignorant to see any security problems outside of data theft. As a result, he advocates irresponsible computing, seeing no harm not because there isn't any harm -for there is- but because his concept of harm is not broad enough.