Thread: Linux Version reccomendation

  1. #16
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Quote Originally Posted by Jaqui
    Ubuntu / Kubuntu / Edubuntu all have one critical error, they use a no root account and sudo only securty model, which makes them as vulnerable as any windows box to malware exploitation.
    Huh? They disallow direct root login, and that somehow makes them more vulnerable?
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  2. #17
    Registered User Jaqui's Avatar
    Join Date
    Feb 2005
    Posts
    416
    not that they disable root login, they disable root account, making that single user system one with the user logged in as super user, since it is the user password that grants access to system applications, not a different password.
    so they have every single user system running as root without a root account, the windows equivalent of running as administrator. [ which is the norm for the windows world and the reason windows flaws get exploited so easily ]

    I went through ubuntu, and found a number of areas it failed in meeting my needs, like it can't be installed for a multiboot linux box, it has to be the only distro on it. I find having multiple distros available handy for testing, since only slak, debian, gentoo are guaranteed to use the fsh standard, and only debian of those three has support for rpm to meet the lsb standard. not any other distro is standards compliant, making testing and development for them a nightmare if you don't have a copy on the system. the from scratch distros can be compliant, it depends on the person building them, if they don't make sure they meet the standards then their distro isn't compliant.

    but to promote linux as a viable development platform for commercial software houses, the distros need to be fully standards compliant, so they can build once and run on any distro, with no distro centric tweaking needed. Red Hat, Suse, Mandriva and Ubuntu / Edubuntu, Kubuntu are all minimally compliant, the *buntu's for filesystem, the red hat, mandriva and suse for package manager.

    Security wise, debian, slak, suse are the distros that have gained a security rating, the others are all not available with a configration that gets one. they may have SELinux available, but it isn't installed and configured effectively by default.
    [ SELinux is known to cause major interactivity problems, it killed smbclient on a rhel system being used by a system admin to examine porting their entire netork to linux. naturally he wasn't impressed by that, yet he doesn't know linux well enough to be able to secure it without uing selinux ]
    Last edited by Jaqui; 10-03-2006 at 06:59 PM.
    Quote Originally Posted by Jeff Henager
    If the average user can put a CD in and boot the system and follow the prompts, he can install and use Linux. If he can't do that simple task, he doesn't need to be around technology.

  3. #18
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    so they have every single user system running as root without a root account, the windows equivalent of running as administrator. [ which is the norm for the windows world and the reason windows flaws get exploited so easily ]
    From what I understand, that is not the case. The Windows model has the user running as Administrator all the time, unless they take pains to create non-Administrator accounts and use them. The model used by Ubuntu has the user running as non-root all the time, except when they sudo to perform system administration, which is effectively no different from simply logging in as root.

    I guess the rationale is that since the distro wants to do a fair amount of hand holding, having the root account enabled by default could lead naive Windows users to copy what they do on Windows and simply run as root. It should be possible to enable the root account anyway, but I suppose those same Windows users would be unlikely to attempt that first.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  4. #19
    Registered User Jaqui's Avatar
    Join Date
    Feb 2005
    Posts
    416
    the real issue is that the sudo password is configured to require a non root password for system administration.
    with root account disabled, there is no root password to put in for sudo.
    ths means that there isn't an administration password different from the non root user, making it a more fragile security model than the Ubuntu development team wants to admit.
    they actually claim that all unix system admns are disabling the root acount and going with the same model, which I find extremely doubtfull.

    then we can continue to rip their design policy of bloating the system with unneeded services.
    [ bluez-utils when no bluetooth devices are on the desktop system, laptop utils on a desktop system, GNOME, with it's absolutely insane requirement of samba client*. [ who in their right mind would even be running windows servers when windows desktops are so fragile as to be utter insanity to use? ] firefox, required?!?![ try removing it, it un-installs the entire distro, making the system useless. ]
    as I mentioned earlier, can't have any other linux partitions on the system when installing ubuntu.

    essentially Ubuntu is designed for those who have more money than brains and can throw hardware resources into the system to fight off the bloat lockups and slowdowns, not designed for any real world use.

    * 100% linux network, zero acceptance of ms support products or protocols in it. MS can start using the international standard tcp/ip for their client-server connections instead of some proprietary format.
    Quote Originally Posted by Jeff Henager
    If the average user can put a CD in and boot the system and follow the prompts, he can install and use Linux. If he can't do that simple task, he doesn't need to be around technology.

  5. #20
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Has anybody tried Freespire yet?
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  6. #21
    Registered User
    Join Date
    Sep 2006
    Location
    New York, New York
    Posts
    19
    I think personally I'm going to be sticking with Ubuntu, I'm just gonna get my Notebook from the sales site originally posted. If I got a notebook from there though, would I be able to (In the future) over-write Ubuntu with a more advanced Distro?

  7. #22
    pwns nooblars
    Join Date
    Oct 2005
    Location
    Portland, Or
    Posts
    1,094
    Yeah you will be able to, one thing is, make sure your college wireless is linux friendly. My girlfriend's college wont let you connect to the wireless unless you are running some program that is Win/Mac only.

  8. #23
    Registered User
    Join Date
    Sep 2006
    Location
    New York, New York
    Posts
    19
    To be honest I'm not even sure if the school has a Wireless Network; It's a trade school, and I have yet to go to the actual campus yet (I plan on visiting sometime during Christmas Vacation). When I go I'll ask about the Network.

    I've never heard of a Network that requires a program to get into though, most of the time it works through Wireless cards or built in wireless adaptors. I just hope that's the case with this school.

  9. #24
    Registered User divineleft's Avatar
    Join Date
    Jul 2006
    Posts
    158
    If you're new, go with ubuntu. If you jump right into slackware you are going to become so confused and frustrated that it won't be worth it. I recommend easing your way in.

    I personally use ubuntu because it's the only distro that supports my graphics card (ati 9250) and I can't get a new one because I have no pci X16 slots

    I hate dell.

  10. #25
    Registered User
    Join Date
    Jul 2006
    Posts
    111
    Im not sure about this whole root ubuntu stuff. I ahve only been using ubuntu for a bit now (great distro) and from what I have gathered, root is simply disabled by default. You can activate is simply by typing "su" and then your password. How this makes it more prone to malware, I do not know. Last I checked, there was only one known linux virus (I assume that includes malware?), so unless you are going to some really bad sights, you have nothing to worry about.

  11. #26
    Administrator webmaster's Avatar
    Join Date
    Aug 2001
    Posts
    1,012
    ths means that there isn't an administration password different from the non root user, making it a more fragile security model than the Ubuntu development team wants to admit.
    I must be missing something because I don't see how this is the same as Windows having users default to Admin privileges. The fact that the user has to enter his password to execute a command with elevated privileges is a very big distinction since it forces the recognize that some sytem internals are being modified. In Windows, when you're running as admin, the script just needs to be initiated by the user, there's no requirement of having the user enter a password. I don't see the distinction between a "user" password and a "root" password since in most cases that we're talking about, the user is going to be the person who's also admining the box, and if you don't want a user to have root, leave them out of the list of sudoers.

    On the other hand, if you did have a root account by default, I wouldn't be surprised to see people decide to log in as root and then you get no protection. All in all, seems like a reasonable approach to me.

  12. #27
    Registered User
    Join Date
    Jul 2006
    Posts
    111
    Quote Originally Posted by Jaqui
    ths means that there isn't an administration password different from the non root user,
    I must be missing something. In the terminal, you can set different passwords for the "administrator".

  13. #28
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    I must be missing something. In the terminal, you can set different passwords for the "administrator".
    In Ubuntu, you have to enable the root account first (or rather, at the same time).
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  14. #29
    Registered User
    Join Date
    Jul 2006
    Posts
    111
    Quote Originally Posted by laserlight
    In Ubuntu, you have to enable the root account first (or rather, at the same time).
    Yeah,but how would this cause security risks?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. How to set File Version of VC++ 6 dll
    By mercury529 in forum Windows Programming
    Replies: 3
    Last Post: 12-08-2006, 02:49 PM
  2. installing linux for the first time
    By Micko in forum Tech Board
    Replies: 9
    Last Post: 12-06-2004, 05:15 AM
  3. which linux version should i get?
    By Geo-Fry in forum Tech Board
    Replies: 14
    Last Post: 12-09-2003, 10:02 AM
  4. Linux Under Windows
    By Strut in forum Linux Programming
    Replies: 3
    Last Post: 05-27-2002, 08:09 PM
  5. linux vs linux?
    By Dreamerv3 in forum Linux Programming
    Replies: 5
    Last Post: 01-22-2002, 09:39 AM