Personally, I have no problem using sudo.
Geez will there be a torrent of locusts or something coming next? Mario and I finally found something to agree upon ^__^
As for Kennedy being smarter than folks on the SELinux team (and I was more referring to the original OS designers) I guess we will have to take your word on that one...
Btw, it's the second time you make that quote about Linus Torvalds, Kennedy. I don't think you ever understood the context. Let me explain it to you in few words so you drop it for good:
I don't need to know what Linus Torvalds thinks of spaces vs tabs. I don't care. Neither should you or anyone else, when it is common knowledge one or another are either a personal choice or an imposition at your working place. So, for all purposes as far as answering the question of what is best, tabs or spaces, Linus is a nobody just like anyone else.
In fact, Linus is a nobody on many other things he wrote or opinionated about before. But that's cool. So am I, you and everyone else. The issue is not the debate. But the fact some people actually think that quoting Linus Torvalds on tabs vs. spaces is going to actually give some strength to one side of the fence.
Is it clear now?
I don't run linux/unix, but in Windows XP, I use the administrator account only for installing software and changing system settings.
For everything else, i.e. work, internet, games, I use a limited user account, which can't install any software, or change fundamental settings, other than their own basic settings like screensaver.
I've never had a virus, trojan, malware.
Ah! You got me there :p
surfing porn* either.
As for Mario F., I really like him or I wouldn't argue so much ;) but he does come across as a "linux hater". His assertions that the whole thing is somehow untrustworthy again fit in with those patronizing assertions that lean heavily on the implication that it is in reality "experimental" or a "fringe operation".
This kind of ignores the FACT that MOST of the INTERNET is run on LINUX.
Maybe "most of the internet" still is experimental and fringe, but I continue to give it credit for effort ;)
I do accept that running as root opens up some security issues. But, as with many things, I count myself in a minority here and so can also count on these facts
1) that most users DON'T run that way and so board idiots will not spontaneously target them in their board idiotic way, they will be out trying to sink MS ships.
2) I have like 3 usb keys I cycle thru for backups, plus CDs, and remote storage, all of that near daily with things that are important to me. Also, I have a FLOPPY DISK drive and have never written code longer than 1.44 mb source, and could care less about anything that isn't code.
I don't run SELinux on my primary install. What's more -- I don't have ANY secondary users and sudo is NOT EVEN INSTALLED. I do have them on the more normal installs I use for testing. Come get me ...or get real ;)
*actually this one's not really porn, but the formation with the 3 of them about 3:20-4:15 is what I would call philosophically beautiful
THE SYSTEM IS YOURS. YOU ARE THE ROOT.
It's dinner-time around here but like Ahnold says, I'll be back.
Busy watching Avatar on the wide-screen... ^__^
Here is something shedding light on the package system for the curious: Debian - Wikipedia, the free encyclopedia
And I had unstable and testing switched (D'oh). And now Lenny is the latest stable. So behind the times I am. In any event I do have faith in the package maturity system, it has stood by me when the whole RPM system sent system after system up in flames. But oh well, it works for us...
This is all fine. But security concerns aren't interested in best case scenarios. Best Case Scenarios are in fact pretty much useless for about anything -- from security to deciding how one should develop their data entry UI.
I do not deny the added benefits of Open Source software in terms of code security and stability. Most of it spawns from a single factor: Peer Review. Something that is impossible on closed source. But let us not pretend all software is created equal, that all open source projects are created equal, or that in fact the same project is immune to changes in mood or to gross mistakes that someone somewhere may pay dearly.
If Open Source history is not exactly rich in horror stories about unchecked malicious code being injected into the development process by some contributor, this is by no means evidence it can't happen. Mostly because it's rather easy to observe that it CAN indeed happen. We all have seen rather abusive bugs (and by abusive I mean "how exactly did no one see this before!?") on projects as respectable as Mozilla's or Apache's. The same irresponsible behavior that led to unchecked submitted code could potentially be explored by a disgruntled contributor. And there are disgruntled contributors. Are there not?
And on smaller scale projects, on dying projects or on projects under a bad management (yeah, because open source is a lot more than just the big players), the opportunities for malicious code to creep in are higher.
Why don't we hear about it, then? I'm sure there are stories. I may entertain myself trying to browse the web or USENET for them. But sure they aren't common. However they aren't probably common because Open Source is still a rather small portion of the global development effort. It is also still -- and thankfully -- mostly a work of passion. It is also a known danger and actively checked and finally, there isn't really enough motivation probably. The same reason probably why Linux has so few viruses.
But most notably, my beef with many Open Source projects (and that underline I hope clears once and for all your misconception of my constant criticism) is what I perceive to be a constant increase in the weight being put on the user's shoulders. More and more I observe that many projects shift the responsibility of code testing to the end user, leaving the developers the sole task of creating new bugs and fixing old ones. In that order. The notion of users as only... you know, users of a piece of software is being thwarted and many open source projects seem to want to prey on their users' workforce, more than they probably should. You really cannot expand the Open Source concept if you demand this type of task from your users, because granny, joe and marlene don't make good software testers. And granny, joe and marlene are the vast majority of users.
I go as far as to say that on many occasions submitted code is not verified at all and there is a conscious decision that the results are to be observed on bugtraq or by user bug submissions. This is more true as the project gets bigger, more mature and with a wider (read, impossible to properly manage) number of contributions. This is the only way I can explain the level of some of the most inane bugs that have been found on popular open source projects, or how certain projects can take years to fix a known bug with multiple bug reports (and here, I'm thinking of a certain bug on a simple macro in boost::filesystem).
In this scenario, more than malign code, it is good code I'm afraid of. And so should you.
I doubt very much the programs you run need access to the entire machine. There are many permission schemes available, why not use them? You've pretty much just chucked the idea of "groups" and "users" out the window. As well as wasting space by storing file permissions :).
It may not need root privileges, but I do. (The only problem with this one is GUI's must run as the same user as the X.)
And the "trusted, I looked over the source code myself" stuff is BS. Consider a small bug in Firefox that allows code from web pages or images to be run. It's bizarre to give Linux all this praise, when you're not using a large chunk of what made it successful (Granted it wasn't specifically Linux :)).
You guys focus a lot on malicious code and hackers and evil doers. Are you so divine in administrating computers that you never make mistakes? If you have the least privileges you can do the least harm. Even unintentionally without anyone being evil. "Never attribute to malice that which can be adequately explained by stupidity".