What would you like to use ReactOS for?

Here you can discuss ReactOS related topics.

Moderator: Moderator Team

What would you like to use ReactOS for?

Multimedia/Gamming
79
48%
Network Server(web/ftp/smb/dhcp/telnet/other...)
18
11%
Desktop/Office
52
32%
Other
16
10%
 
Total votes: 165

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

OpenNetware is a Linux server these days called Novell Open Enterprise Server.

Windows Server and Linux Servers are exploitable if setup wrong.

Reactos in time could have a market in servers. CAL(Client Access Licences) the problem of most Windows Server installs. Linux no counting only limited by what hardware can do.

Also License restrictions on moving Windows Server OEM from one machine to another after and burn of server. Another problem.

Windows is also Expensive to cluster. Thinking clustering is how you get 100 percent up time.

Windows Servers are not able to shut there GUI completely down. This is also a resources problem.

None of the Defects above does ROS have to have.

Selection of Distro is critical in linux. There are distros for complete clueless that do get servers setup right. Novell Open Enterprise Server is one of them.

madmax69
Bear in mind that a whole new generation of hackers and script-kiddies are growing-up primed to attack Linux so the perception of it as a bullet-proof O/S may change in the next few years.
Please don't quote dead arguments. Security in Linux has not evolved passed Windows for no good reason.

Linux is not less attacked than windows. Most likely more attacked. Difference is how effective the attacks are. You brake a Web server under linux you don't have the system. Selinux and other security systems break the system into section by section so a breach is not complete. This year its marked for a new level of security to become part of the Linux kernel, Virtual Servers. Thinking this has only been around as a kernel patch for 8 years. Not really a requirement permit requirement up until now.

Vista Server should a long last see the number of Windows breachs drop to a more acceptable level. Problem is injection protection in windows is only for DRM parts. So its still weaker than linux. Injection into running processes on linux systems are simple to block. Selinux can even take away root users right to do it.

And please don't say signed programs are exactly a help. Signed kernel modules and applications have been done in linux before as patchs. At this time that security level is not needed. Also the linux signing is stronger than windows signing. Guess why. Each machine/network had its own key pair. Windows is too Mono Culture for its own good.

Final and last move of Linux security is embed kernel in motherboard bios chip. Even taken that on locally is a pain in the but if kernel in bios will only load signed parts. Only way is to break open the hardware and rewrite bios.

Attack linux at your peril. All you cause is evolution. Quick evolution because the tech is just sitting there not being used.

Reactos should be able to hammer Windows into the ground on security in time. Unless admins are giving the power they should have to protect there programs from injection and other attacks.

madmax69
Posts: 51
Joined: Mon Jan 01, 2007 12:36 am

Post by madmax69 »

Okay oiaohm... you've covered some interesting points and I feel obliged to respond a little to clear up any ambiguity in my post although I thought my posting was fairly precise. Let's try again...
OpenNetware is a Linux server these days called Novell Open Enterprise Server
And your point is??. Who cares? I included it for a broad comparison.
Windows Server and Linux Servers are exploitable if setup wrong.
Which was my entire point. Which is more significant to O/S security the code in the O/S or the person setting it up?. It is a bogus argument to assume that either is "better" than the other without saying better at what. The dervative of this argument is known in engineering as the "Short circut between the ears" being the biggest problem.
Reactos in time could have a market in servers. CAL(Client Access Licences) the problem of most Windows Server installs
Indeed, yes. I sincerely hope it does. As I've always said - Linux can make a good server O/S in the right context and I hope that via SAMBA ROS will make an excellent client. But you don't HAVE to have Linux if ou want a server!.
Also License restrictions on moving Windows Server OEM from one machine to another after and burn of server. Another problem.
I thought I had made this point pretty clear - esp. for non-corporate users who's funds aren't bolstered by annual tax-rebates on IT spending. I agree with you.
Windows is also Expensive to cluster. Thinking clustering is how you get 100 percent up time
No one mentioned clustering. Clustering is a side issue. Few people other than corporates will be interested in clustering. It's a bogus argument to dredge that into the relevance of ROS as a server platform. I am not even sure if there would be sufficient indidivuals interested in clustering for ROS developers to worry about it unless it was a field they had a specific interest in and wanted to follow up for some reason. Perhaps someone might want to start a poll and ask how many people run clusters at home?. I managed to get one Vax VMS box but that's hardly a cluster lol!
Windows Servers are not able to shut there GUI completely down. This is also a resources problem.
Not sure what the point of this comment is unless it is addressed to a specific context. Without contextual reference I can't really follow the point. I don't know many IT managers who would see the ability to shut down the GUI as a benefit and I now plenty who would see a no-GUI O/S as a drawback. But that comes from real world experience.
None of the Defects above does ROS have to have.
I'd agree other than defects introduced by the person setting up any system. Again, which was my specific point. An O/S, regardless of whatever technical capabilities are claimed, is only ever as strong or secure as the person who set it up (hence as good as the distro also). It follows from this that Linux is not a "better" O/S than any other since all O/S are dependent on a human to configure. Get my point? If not, ask what is the weakest link in any security?. Linux is no guarantee of these issues being inherentily any more "fixable".
Selection of Distro is critical in linux. There are distros for complete clueless that do get servers setup right. Novell Open Enterprise Server is one of them.
I think you've misunderstood my point and are running off the rails here. My point was to answer the comment below ...

Code: Select all

 for servers you need linux, or unix.
This is not true. For servers you do not NEED Linux or Unix. It is an unsubstantiated blanket claim. Otherwise you might as well abandon any ambitions for ROS to enter the server market. I certainly hope to be running a ROS webserver soon!. What does or does not make a good server O/S depends on a wide variety of variables, the most important of which revolve around the client's own requirements spec. (as again I think I clearly pointed out). If you're running away with the purely technical argument and ignoring the customer you're missing the most important issue.

There is a common and wide myth in Linux circles that neither Novell Netware nor Windows can operate as a useful server environment. A former client had 15,000 users hosted on Novell and was one of the largest Novell customers in Europe. Another had around 8,000 and found Novell idea. Both these also used Unix as well as mainframes AND Windows - but the most important point was they selected each O/S for a specific and appropriate task. There is no notion in the business world of Linux being "better" than Windows etc... just more appropriate in given circumstances.
Please don't quote dead arguments. Security in Linux has not evolved passed Windows for no good reason.
Ignoring the double-negative for a moment. I think that argument equally vacuuous. Each have different security models. Linux technical security issues are issues with Linux not Windows so there's really no base for a close technical comparison - and without specifying which version of windows or specifics it means zilch.

The point I am addressing here is that security is not a static issue nor is it entirely dependent on the software. If you think that all Linux security problems are "now resolved" I am afraid you're mistaken. Bugs will continue to emerge. A false sense of security is dangerous and precisely why I believe that Linux will see more exploits in the future than in the past. Any blind confidence held in the superiority of Linux over Windows or Windows-equivalent O/S's such as ROS may be shattered to a degree when the next generation of Linux-happy kids get busy and more reckless home-users start abusing Linux.

I am sure that most people can get what I am saying here. The only counter-argument - if, for argument's sake, one was to stack the Linux community against Microsoft - is that the Open Source (Linux) community can react faster and since the source is published weaknesses can be fixed rather than "sat on". Hopefully that will also be a strength for ROS to build on.
Linux is not less attacked than windows. Most likely more attacked. Difference is etc. etc...
Technicalities aside, this boils down to the old "root access" argument. Human engineering - most likely via web apps - forms the best point of access. If you can persuade a user to breach security then it is no longer his machine. We also have many distros which run as "root" so, whilst I agree with the "good versus bad Linux" assertion, the fact is that such distros are out there in significant enough numbers for it to be a problem. The only way around this is to selectively ignore "bad" Linux distros and conveniently eliminate them from the argument. On that I'd have to side with Microsoft and say it's an unfair counter-claim.

I argued the case for Linux with a VMS colleague a couple of years ago who put me seriousy straight regarding the weaknesses of un-hardened Linux versus other systems such as VMS or Novell. On reflection I had to agree with him.
Attack linux at your peril. All you cause is evolution. Quick evolution because the tech is just sitting there not being used.
Selective evolution is a very good driver. I see no reason to knock any Windows-like O/S since they're subject to exactly the same driving force. The "kiddie" phenomenon gave Microsoft an excellent wake-up call and without virus and script writers few can doubt that Windows would be even half as strong as it is now. A good few security breaches can also work wonders to jolt comatose IT departments or at least panic their Finance Director bosses!.

The interview with Peter Gutmann at http://www.grc.com/SecurityNow.htm is worth checking out regarding signed drivers etc. and improvments in Vista I tend to agree with Steve Gibson's views though. Again, you can have the best and most improved O/S in the world but if you cannot afford financially to upgrade to it every 3 or 4 years then by definition it is useless to you. I cannot afford and will not upgrade to Vista.

Discouting the theories and back to the practical world. I see very few cases where Windows of any version becomes unsecure due to inherent flaws. It rarely ever gets a chance to get that far. All too often I see Windows desktops AND servers (or services) running as Administrator and/or non-literate end-users installing their own software and bypassing sensible security which would apply to both Windows AND say Linux!

In the past 12 months I have seen the following horrors...
  • Legal-type UK company purchase business-critical office software to run on XP which requires full administrative access after being badly-ported from a BSD telnet application.

    A complete mess made off an office's XP LAN after being swapped from Workgroup to partial SAMBA domain emulation by a Unix-based software company who had no interest in Windows client security and spent an average of 3 minutes on each Windows client before leaving site. Business lost due to continual problems with Unix/XP interfaces.

    Catching an employee part way through the installation of remote control software on a high-security PC after a sales person "cold-called" to "demonstrate" some wonderful new software which would intercept all of the company's emails.

    Windows security features turned down, off or otherwise disabled or crippled as companies are not willing to provide staff training.

    Windows security compromised because companies are not willing to budget for time to apply the required configuration.

    Windows security compromised because companies are not willing to traing and/or appoint staff to act in the role of local network admin.

    Companies with zero IT-literate staff on site and minimal or no contracted support.

    Windows left open to attack due to unwillingness to purchase or budget for the install of either firewall or virus software.
The bespoke software company with the BSD SAMBA domain issues would have been better migrating their product to XP and there would have been no relevant security issues in the particular company using it, instead there is a tangle of NFS mapped drives, XP-SAMBA authentication, Administrator logings, faulty domain authentication and root/admin passwords left around in the office printed on paper in full view of customers because the client dpes not comprehend the technology any better than the vendors. BSD Unix did nothing to help secure this system. Bear in mind also that this vendor is one of the UK's largest in it's own field!.

I think you might see where I am going here - I deal with real world problems which cause people to lose jobs and companies to go bust or get sued. I go in and pick up the pieces after they do stupid things then blame Windows (or maybe Linux!). In this world, what makes a "good" O/S of any kind is very different to the one far too many people imagine to exist.

None of the above problems would be fixed by free software of any kind and no O/S would be "better" than another except in the minds of the loyal fans. The only O/S which would be "more secure" in such a context would be one which stopped the company doing their daily business. In such cases the consultant would be fired and they'd choose another (possibly weaker) O/S.

If you think these scenarios are confined to tiny "cowboy" companies as well please think again. I've seen the same sort stuff in some of the UK's biggest companies (and my NDA means I can't say who! :oops: ).

An operating system is not a panacea for IT security issues and you do NOT need Linux if you want to run a server! (that's my two-penneth's worth! :P)

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

Administrator and/or non-literate end-users installing their own software and bypassing sensible security which would apply to both Windows AND say Linux!
Give me a windows XP or 2003 limited account and 30 secs with my programs. I will be System User not Limited any more. God dam back door into system not patched. Put me in a normal user account on Linux and I am not getting out that fast. Unless someone really stuffed up the configs or system is not patched. Almost all Windows NT OS's have been a lemon from a Security point of view due to critical unpatched holes.. Vista might be different. It would be interesting to see if a program I wrote in 1994 still allows me to change to any user I like in Vista. Please note I reported it to them in 1995. So since its 2007 and its not patched I am not exactly happy with them. I want this hole patched for good in ROS even if Microsoft will not do it.

BSD Telnet. That is declared not to be used in all security systems. Nothing I work with is built from something like that. Even upgrade my d-link modems to ssh.

Ok one lemon Samba operator. 3 mins each client that is about right for my installs. The configures of client gets pushed from server including updates just needs a few little programs installed. I will be happier myself with Samba 4 where I don't need to use the interface programs and can just use a ADS.

Lack of Security training to staff what is new. One of the first things I do when I take over a admin job.

Question Why does Windows start with such bad defaults. Linux User account does almost everything bar install of the start line. So no problems with people refusing to use the contained account.

My main annoyance is the Idea that Linux boxs are not getting attacked. Because that is completely false. "Bear in mind that a whole new generation of hackers and script-kiddies are growing-up primed to attack Linux so the perception of it as a bullet-proof O/S may change in the next few years." That is almost a Microsoft Conf Quote from about 1998. It has never come true and never will. Anything doing money transactions will be attacked.

The main Linux kernel has so many security features. If you are truly under attack there are special patches for the linux kernel that add signing and other security features if needed. If Linux keeps on been attacked hard enough that it becomes requirement to have the special patches. Then they will become part of the default default. Most of the time the next level of tech in security in linux is just sitting there read to go. The difference.

Also holding back some protections in reserve means cracker may not have tested against it. So when the protections get applied cracker gets traced.

Note the "kiddie" phenomenon was over for linux by about 2001. Then the annoying kernel rootkit people started. Vista risks the same thing. Windows is about 6 years behind. The kiddie problem stated on windows due not fixing the attack called the ping of death. It effected all OS's Linux was patchs by 1996. XP is not even patched today. Only reason it does not work on XP is that the firewall blocks it. Turn of XP firewall and get a ping of death program and laugh.(Ok a little bit too serious to be laughing about over 10 years without fixing a security hole.)

If you leave holes you grow "kiddies". Its the price of providing effective attempts to give "kiddies" the thrill of the break.

The kernel rootkit people are the one uppers to say the OS still can be cracked. Windows people don't know what it's like to be on the end of them yet.

madmax69
Posts: 51
Joined: Mon Jan 01, 2007 12:36 am

Post by madmax69 »

Give me a windows XP or 2003 limited account and 30 secs with my programs. I will be System User not Limited any more. God dam back door into system not patched.
Ermmm.... I think I made it clear that in what appears to be the majority of cases you can walk right up to any Windows PC and see it running as administrator so there's nothing really to hack from the get-go!. If you have access to a "restricted users" acount then, yep, you can also get in if you have access to the terminal but I guess this depends how you make the rules of the game here. Using the same rules of "access to the PC" I can get access to a Linux terminal in one way or another and depending if an EFS is used on the disk and as long as I have access to the box. At home I can mount my QEMU Linux volumes and explore e2fs even in Windows. This proves nothing about security of course - one way or another. If you want data secure on either system use an EFS this is a user/admin issue not an O/S issue as with many other issues surrounding the debate.

Whether it particular security features get's patched in ROS may depend on the same balance or risk factor versus costs (in programming man/hours). i.e. if someone thinks strongly enough its an issue to spend a few weeks coding I guess it will get done. With so much work left to do on the basics and relatively few volunteers I can't see it happening for a while.

Telnet is fine for company internal apps and infinitely preferable to writing a bespoke Win32 application which emulates the previous telnet dialog by "painted" forms to try to make it look the same. (Most bizarre!) The company I referred to also had the resources to "ssh" the older app since the host server was BSD but obviously didn't deem it feasible either in cost or logistics. I have never came across (or met anyone who has come across) a case of a private telnet system being abused so the risks may not factor out in real life. That comment even goes back as far as the days of DEC terminals and VMS All-In-One email over serial cables for entire sites. Theoretical risks don't always carry over into real life. I guess a secret agent or spy could infiltrate a company premises and hack into a serial cable but if you get onsite there are far easier ways to do the job. Just ask someone for their password perhaps?.
Ok one lemon Samba operator. 3 mins each client that is about right for my installs.
Unfortunately they forgot about local machine NTFS access rights and assumed the Unix box security was the "be-all and end-all". This left previous users accounts with no proper rights to their own files since account names and profile paths had changed, it left an MD unable to see payroll spreadsheets on his own PC. It led to multiple versions of company-critical files being created and loss of data. No thought was given to existing data or backups or a migration strategy. It led to the new "hodge-podge" Unix/Win app breaking because it copied security-critical user data over an NFS link via a Win32 batch file in plain-text and dumping as temporary files on the hard drive to be picked up by the app (carrying over the Linux scripting model to Windows). It meant the application software broke when users decided to use another PC because there were insufficient file-rights to copy data to be picked up by a MS Word macro for production of legal documents. It meant clients were given paperwork with wrong/confidential client information on it. It meant client-confidential data sits on the hard drive and is available to any Admin. It meant the users had no proper roaming profiles - and issues such as user's changing their own password hadn't been even considered so everyone had the same default password from day one on the install!. The MS Word print macros made the wrong assumptions about networked printers. Need I go on? (ooops!!)

I am sure there is an important lesson somwhere here and I've every confidence the installers thought 3 mins per PC was enough. I got called in when the employees were threatening to walk out as the cockups were being blamed on them. Carrying "safe" design paradigms over from one O/S platform to another can expose weaknesses in the secondary O/S where such concepts are simply not compatible. I wonder what willl happen when those millions of Win32 programmers start to code Linux apps?
Lack of Security training to staff what is new. One of the first things I do when I take over a admin job.
I sincerely wish you the best of luck but you may have the kind of shock I got when I moved into real world support!. You may find you're spending your own lunch breaks running training courses and you will receive no thanks.
Question Why does Windows start with such bad defaults. Linux User account does almost everything bar install of the start line. So no problems with people refusing to use the contained account.
In a word - marketing. It's almost certainly what around 90% of Windows users want. PCs have now become an expendable commodity which means their usage profile needs to match. The best analogy I can make is to use motor cars - i.e. you can't understand why everyone doesn't want to buy a SAAB or VOLVO and might even consider forcing everyone to buy a SAAB if it were possible to do it. Yet the reality is that most people really want a cheap FORD or PEUGEOT vehicle and have really no interest that the exhaust valves of a SAAB are made of super-special titanium alloy or incorporates safe aircraft design. To translate that metaphor back to an O/S most people want something cheap, simple, easy to use, graphically intuitive and with a reasonable balance of security v's usability and for security NOT to get in the way!. PCs are now expendable for the wealthy and I've literally seen PCs thrown away which simply needed a Windows reinstall.

I am really quite confused as to why Linux fans can't see the issue here maybe it's a personal over-attachment to the cause. The biggest potential and future user base for Linux DOES NOT CARE - their PC is just a tool to them and when broken it will be junked with no tears or sentimentality. Although I can't afford to regularly replace my own PCs at each Windows release you can now get a PC for around £100 (say under $200) - with Linux of course (easily.co.uk - eSys PC). At that price it's cheaper to throw it away than hire an expert to fix it.
My main annoyance is the Idea that Linux boxs are not getting attacked. Because that is completely false. "Bear in mind that a whole new generation of hackers and script-kiddies are growing-up primed to attack Linux so the perception of it as a bullet-proof O/S may change in the next few years."
I never put forward the idea that Linux "never gets attacked" - that would be stupid. What I'd say is reiterate that the widespread claims of being uncrackable or "100% secure" which one sees all over the net may change as it's use becomes more widespread and ingenious individuals pay more attention to hacking it than hitherto. No system which is used by humans is 100% secure.

So far I have met NO individuals who have grown up with Liinux instead of Windows and met plenty who spend their days phreaking Windows boxes. for fun. Yes, that may be different in other parts of the world to the UK. which might explain the high proportion of intrusions I see from China or South America. Windows currently has an undesputable coverage of around 95% of the PC user-base. If that changes then it is difficult to argue that patterns of attack won't also change. After that is accepted, the only argument for Linux is to assert that there are NO undiscovered bugs and that NO regression bugs will ever emerge in the future. I find that belief hard to support and it doesn't match my real-life experience. There's always going to be another bug somewhere and there's always a probability it may expose a catastrophic security hole.
The main Linux kernel has so many security features. If you are truly under attack ....
But this comes back to two points. That well less than 5% of PC users currently use Linux, and that of that less than 5% these will be careful and security-conscioius users not the average PC user who really couldn't care less and does everything you tell them NOT to do!. I'ts a circular and self-supporting view. What happens when a flood of illiterate and reckless people start to use Linux at home or in offices. What about user-software released onto the market which purposely breaks secuirty in order to improve the "customer experience" etc?. What if (God forbid) Microsoft releases IE, MS Office or other apps for Linux and decides as always to do things "their way"?. Ouch!. :O
Also holding back some protections in reserve means cracker may not have tested against it.
Thats quantative versus qualitative logic. It's a non-sequitur - it doesn't follow that holding back some protection makes a system safe. Security is a qualitative not a quantative issue. You can't necessarily make a system safer simply by throwing more security at it. Thats the most popular and mistaken 21st century paradigm which translates into "safety phobia" and a raft of other social ills.
So when the protections get applied cracker gets traced.


Again, not relevant for net attacks due to the huge range of infected "bot" PCs which are innocent virus-infected PCs.. (yes, probably Windows!). Tracing a bot is of no use whatsoever other than to ask an ISP to ban the user. That isn't going to happen.
Note the "kiddie" phenomenon was over for linux by about 2001.
I will go to the "bookies" on that one and make a bet that it's not over and if Linux gets any kind of significant market presence (say over 25% global market share) that weaknesses will come from unexpected quarters. My best guess will be broken application software or drivers which break various rules in the same sort of way Microsoft does by doing their own thing rather than sticking to standards. Conscientious volunteers writing software is not the same, security-wise, as fly-by-night companies writing sofware for a few quick bucks. How many mass-market companies are there cashing in on Linux at the moment by writing shoddy software at the moment? (not many!). If you can persuade a human user to install something on their PC (or server) which compromises security then the system is no longer secure.

The other possibly may be combined with web applications which apply installable controls akin to those of IE. I suggest this as I recently found that browsing in Linux required "su" access and running a shell script to install a browser control to access a site (might have been RealPlayer if I remember correctly) - this sucks and would not be accepted by non-Linux fans used to a point-and-click install from the browser. Selective pressure would lead to this being automated and you could probably guess at a Microsoft-style solution to get software which requires su or root access on the PC to get an installable component working with the least fuss.

Just to underline that - I'd point out that general PC security attacks (yes, that 95% Windows percentage) are now accepted by law-enforcement organisations as being run by organised crime hiring some of these bright and intelligent kids. Hardening the O/S has led to an increase in exploting human-engineering as an alternative to compromise systems in various ways. You can see the same selecetive pressure with the adoption of chip-and-pin or biometrics which is leading in the UK to an explosion of identity theft and losses by UK clearing banks accepted to be totalling some £98M per annum as criminals simply change their strategy within a new and supposedly "uncrackable" system (but they don't like to talk about that)!.

This is not a case of "Linux-bashing" on my part - I sincerely DO WISH that Linux were geninuely useable and had a bigger market share and is why I have my hopes pinned on ROS. I have wasted probably several hundred hours of my life enthusiastically evauating Linux distros from Puppy, DSL, Slax to Gentoo and SUSE (probably around 50 in all) and have yet to find a distro which doesn't have something so annoying, so slipshod in overall design, so futile and irritating and pointless that I wouldn't gladly stump up money to fix and put right. But of course, then I'm faced with the ugly truth that if I'm going to do that then I might as well give up and buy Vista as it will contain the minimal number of annoyances :(

Perhaps the only real insight I've manage to have which cuts through my own confusion at where Linux ppl are going wrong here is that I KNOW that one day I will die. I know I don't have years in front of me and that life is very very short. In fact life is just too short to spend tweaking with an O/S in order to use it - regardless of how technically outstanding it is - *UNLESS* O/S design is your hobby and passion. If you are under 25 years old and imagine you'll be the first person to live forever (a noble attitude when you're 20 or so - but trust me it will change) then you may be perfectly happy to while away the hours tweaking PERL scripts and devising workarounds for lack of useability and marvelling at wonderful Linux kernel security. For the remainder of the human race life marches on fast - and if the correct balance of security and useability doesn't result in an O/S as a tool which does the job in a reaonable amount of time then it's toast!. Heck, I'm even looking at ROS as a potential disposable/throwaway VM O/S. Keep regular automated backups and if it breaks just restore it in a few minutes. Guess I had better not even mention conceptual web-based O/S ideas like GoogleOS!.

This is why I guess people will continue to buy Vista even if it sucks?. Maybe this might help others understand why the rest of the world just shrugs its collective shoulders when they throw that PC in the dustbin?. ;)

Tachikoma_Pilot
Posts: 107
Joined: Fri Sep 08, 2006 2:56 pm

Post by Tachikoma_Pilot »

i just wanna watch my anime without being bothered by windows.

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

Its a was lemon Samba operator who forgets about configuring NTFS permissions on clients from server (yes its doable). 3 mins at the client is more than enough to installed what is needed needed. Then doing the final on all clients from the server. Either they missed doing the final what includes pulling profiles from clients into server. Password changing is a server option. Roaming profile is a server option. More you say more incompetent the Linux Operator was. No Server will operate correctly in the wrong hands.

Also you have see a good example why security gets bypassed by users.

If users cannot do what they need they will bypass the security making a bigger and bigger mess.

Linux systems don't have problems very often with people running as root user(Linux Equals to Administrator). Since all normal applications work in the normal user account except some disk error correction tools that run from init scrips anyhow. Lots distro's use locked themes if you login as root using X11 so no customizing users hate this very quickly. If not that the Distro does not let you login as root graphically.

Your logic is based on the fact that there are not companys like Microsoft now building crappy app for Linux. There are. Linux security is responding to them. Reason why Virtual Server support is marked for this year. The means to put a program in a location where it cannot see anything else on system than what it is ment to access and thinks it has highest access on the system when it does not.

You are thinking that Windows Problems are coming from numbers of machines. That is not exactly true. That is a Microsoft Myth. Nothing more. Please look at details on how exploits move threw Microsoft Machines. The sad bit the way they move threw a Windows Server/Clients has not changed much in 10 years.

Home user and Business are two different beasts.

That su on installing installable controls that is distro/admin setting. Its not needed with a few firefox options. Reason addons gets installed in you home profile in your home account without needing su and jailed if need with the right options. Not the niggle on su to install this is the price for making sure spyware/malware does not auto install. Most users find the niggle worth while.

I deal with a lot of people who find Ubuntu more friendly that Vista. These are people on there first or second computer.

What gets me is people point to minor niggles when they use linux. The main reason why I cannot deploy more Business Linuxs is so simple its called Outlook-Exchange lock in. This ends this year.

Only some samba scripts I do in perl and they will be gone from need with Samba 4. Bash more likely with the init system replacement used in more distro's even reduces that..

Note I am quite a bit older than 25 years old. I don't have to do hours of tweeking. Most of my solutions are off the shelf parts mixed to produce what I use.

Stop using percentage as a argument. Numbers are not exactly the issue. Basic design defects in Windows causes major problems. Not providing a operation limited account has caused a lot.

ROS will take 3 year to make it deployable level. Linux is going to take 1 year. By end of year its going to be interesting.

samwise52
Posts: 119
Joined: Mon Oct 10, 2005 7:14 pm

Post by samwise52 »

so much bullshit....
Can you picture what could be? So limitless and free.. in need of your help ReactOS 0.4

madmax69
Posts: 51
Joined: Mon Jan 01, 2007 12:36 am

Post by madmax69 »

Its a was lemon Samba operator who forgets about configuring NTFS permissions on clients from server
Well... yes and no. This wasn't just the fault of one person although they should have at least pointed out the potential problems. It summed up the entire attitude of the company since the install. They don't see a problem even now. They have the client "over a barrel" so to speak and there are few alternative products in this field. I had to fix many issues as a 3rd party and this included leaving the O/S broken and insecure so that the company could simply do business and make money. What went wrong here was that a Unix mindset was applied early in the design stage to a different platform where it didn't apply. Ideas like: Hey, what's wrong with glueing apps together with scripts?, what's wrong with changing passwords at the server?, users always have access to write to the same places on Windows as on Unix or What's wrong with shunting confidential data over network shares from a database into a processing script?. The problem now is that to change all this would require a major rewrite of the app and that ain't gonna happen any time soon.
Password changing is a server option.
If thats 100% the case for SAMBA or SAMBA TNG (doubt it) then it leaves it "broken" as "secure" domain controller. With the app in question, the password can only be changed by two people onsite who have access to a bespoke app console, neither of who know what they are really doing. The console is unable to create consistent passwords between the Unix access and Win32 - they follow different rules. The obvious human problems will emerge as a direct result from not being able to set private/personal passwords in an office environment and change them frequently. Everyone still has the same password from day 1 of the install. My guess is that SAMBA CAN do this but it simply wasn't implemented. Nor were roaming profiles. I am reluctant to blame SAMBA here and I am pretty cure it's down to the Unix mindset being carried over inappropriately into a completely new and foriegn Win32 environment. Maybe they could have tried to make it really difficult and required that SAMBA is recompiled to change passwords?? (joke)
Your logic is based on the fact that there are not companys like Microsoft now building crappy app for Linux. There are. Linux security is responding to them.
No, I meant in *significant* numbers (not LT 5% market share). I already know of several commercial apps being produced for Linux - some not particularly good. Minimal numbers with commercial apps statistically insignificant compared with the huge number of of such flaky apps produced for Win32.

The example I gave was of an expensive (over $30,000 plus support costs) bespoke application which was "broken" from it's very outset. No amount of patching could do anything other than protect the O/S at the expense of the application. Of course that's not why companies purchase operating systems and designers all too often forget that. If I told a company that the O/S or O/S security was more important than doing business I'd be shown the door. If it's a "toss up" between runinng with a broken O/S and having the application work or applying all security patches. Putting the choice to a company doesn't take too much working out what the answer is going to be!. Recommendations and advice regarding security holes usually gets ignored until something bad happens.
If users cannot do what they need they will bypass the security making a bigger and bigger mess.
I think this pretty well entirely sums up what I am saying all along and the mess becomes even worse when lax security is sanctioned by management within a company when the O/S gets in the way of making money!. Far too often I've found that Linux won't let people do what they want and they immediately apply a "Win32 mindset" and look around for ways to break it so it "works". Hey... let's run as root? The better idea would be to ensure this doesn't happen. This mindset in users is a driving or "evolutionary" force which you've already pointed out yourself.
Linux systems don't have problems very often with people running as root user(Linux Equals to Administrator).
No comment. lol okay.... here's quick one

Code: Select all

% ls
foot.c foot.h foot.o toe.c toe.o
% rm * .o
rm: .o: No such file or directory
% ls
%
You are thinking that Windows Problems are coming from numbers of machines. That is not exactly true. That is a Microsoft Myth. Nothing more. Please look at details on how exploits move threw Microsoft Machines. The sad bit the way they move threw a Windows Server/Clients has not changed much in 10 years.
No. Just that numbers are a factor. What I am clearly saying is that exporting operating methods, design methodologies or basic mindsets from one area of expertise where they are entirely appropriate to another where they are not is a recipe for huge cock-ups - and that we may have quite a few to come yet. I've given one quite expensive example of entirely reasonable Unix concepts falling flat when transferred to a Win32 platform and it doesn't take a great leap of imagination to see that the reverse can be equally true. What I also say is - that the degree to which this will affect Linux or other O/Ss dependent on shared code will depend on the sheer weight of numbers of companies trying to do "silly" things to keep users happy. This is obviouly dependent on the size of the market and the degree to which Linux (or other free O/Ss such as ROS) can also become throwaway or expendable consumer items.
That su on installing installable controls that is distro/admin setting. Its not needed with a few firefox options. Reason addons gets installed in you home profile in your home account without needing su and jailed if need with the right options. Not the niggle on su to install this is the price for making sure spyware/malware does not auto install. Most users find the niggle worth while.
I asked my mum if she'd he happy running a shell script to be able to browse a website and she says "no". I called a couple of friends and they all said "no". Thats good enough for me.
Note I am quite a bit older than 25 years old. I don't have to do hours of tweeking. Most of my solutions are off the shelf parts mixed to produce what I use.
My comments were addressed to anyone reading this - just not you personally as this is a public discusion forum ;) However the fact that life is too short to spend hours fixing stuff is the claim I most often encounter and I'm still looking around for an answer to give critics and haven't found one yet.
Stop using percentage as a argument. Numbers are not exactly the issue. Basic design defects in Windows causes major problems. Not providing a operation limited account has caused a lot.
Sorry I can't make any sense of this. I don't see how this relates to anything I've said so far. 3 years of running my own Windows server have resulted in Zero problems from basic windows design defects but several due to harware faults or badly-designed software. If I get problems then I have performed a cost-benefit analysis which so far rules out migrating to Linux. I't cheaper in terms of time to do backups and plan for a total system restore.
ROS will take 3 year to make it deployable level.
Can't wait for ROS, but I can wait a bit longer for Linux :)

---

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

Pure misunderstanding. Commercial developers are not the only ones the produce bad programs. Some of the opensource ones make Commercial ones look like good. Open Source has some of the best software from a security point of view and some of the worst.. There are defense systems that can reduce the amount of damage a defective app can do if you know how to use them. Its a mix between Firewall Selinux and jails. Windows currently does not provide the required tools to deal with the problem.

Samba can 100% percent do consistent password simply done. Integrate into pam so passwd change changes samba password as well. Correct script interface from Samba will do the reverse set the password from setting it in windows client. Its server options if they are combined or split. Samba 4 is even simpler it has a ldap server in it you just tell the BSD/Linux to use that for its password store in pam and you are done. If SAMBA admins are still stuffing this up when Samba 4 is released nothing can be done to help them. The network you were looking did not stand a chance. Even from a Unix mindset it was wrong. Unix mind set is integration. It was not even integrated. I even use a random password issue system. Dead simple in the right hands. Note roaming profiles are simple to setup in samba than 2000 or 2003. It is the way a Samba server truly wants to work. So that config was even pushing against what Samba is built to do best. I get sick of people saying samba does not work. When all the problem is Samba operator problem.
This wasn't just the fault of one person although they should have at least pointed out the potential problems.
The operator was a lemon. If the company is doing the same the company is a lemon. Point out the potential flaws is critical. On top of that what you have said the server was never setup right. If I screwed a 2003 install up that bad you would not be give me any mercy. So why give some to that company and operator. Flick the right option in 2003 and you can block people from changing there password anywhere else other than the server too. The mess I can do with 2003 if I put my mind to it and choose wrong options.

Ok just a little thing I add to all users.

Code: Select all

alias rm="rm -i"
With that it asks questions before sending files to hell. Some Distros have that as default.
I asked my mum if she'd he happy running a shell script to be able to browse a website and she says "no". I called a couple of friends and they all said "no". Thats good enough for me.
I guess no one checked package manager of Distro. Good distros have all the linux native browser plugins in there if the direct install is disabled. No need to go to su directly. Even Nvidia and ATI 3d drivers will be in the distro package management if its a distro build for new users.

Migration will be better after Samba 4 is released. It is equal to a 2003 or higher file server and domain controller server including ADS. Even NTFS permissions work perfectly on it. No network admin should migrate to a Network Server OS they don't know how to use correctly. A pure Linux/BSD person setting up a Windows 2003 is a mess. Or a pure Windows 2003 person setting up a BSD/Linux is a mess. Or a pure working with a mixed network is a mess. Knowing what to change is critical or its a complete mess.

The thing that annoys me most about Windows is I don't have the tools to lock bad applications in jails so there damage is limited if I cannot remove them. Basic design defects of Windows makes it hard to jail anything. In Vista they at long last provide a from Jail and its only for DRM applications. Base design of Windows can have jails. Problem is there are doors out of it everywhere. Shut the doors and Windows will move up on my list of safe OS's to use. Since bad coded programs I will be able to do something about even if not perfect.

Problem is we are two different levels. I like having applications at my mercy not the other way over. I class it as a design flaw if applications are not at the system admin mercy at all times on what applications can access and do to the system.

madmax69
Posts: 51
Joined: Mon Jan 01, 2007 12:36 am

Post by madmax69 »

Samba can 100% percent do consistent password simply done. Integrate into pam so passwd change changes samba password as well.
As I said - guess it's not been done then as I'm sure the ability must be there. I don't get paid to fix that part and I don't have legal access to the system. All I can do is make recommendations which will then get ignored for business reasons. I keep away from the bespoke Unix side as much as possible to avoid getting "tainted" by any serious problems which are really not within my remit.
If SAMBA admins are still stuffing this up when Samba 4 is released nothing can be done to help them. The network you were looking did not stand a chance.
I tend to agree and I also tend to leave my mobile phone switched off as much as possible!. The client company is a disaster waiting to happen for umpteen different reasons - and theres pretty well nothing I can fix by tightening up Windows without breaking the Linux system. However, this situation is certainly not unusual. There are no proper or competent sysadmins on site. Everything is supposed to be administered via remote VNC on support contract. There were far worse problems as a result of the rollout than I've even mentioned including document management system "losing" all the company edocs due to changed user accounts but I won't even go there.
So why give some to that company and operator.
This is real world not an exercise. The small company purchasing the crappy package has an existing contract and are forced by them onto an "upgrade" treadmill which they did not want and which impacted on profitability. IMHO the new system offers zero advantages and introduces several thousand new points of failure but they had no choice but to upgrade or face contract cancellation. I guess they got their business model from Microsoft?. There was really nothing wrong with the old telnet-based system and the new system does nothing more than emulate telnet in Win32 dialogs and integrate VERY loosely into MS Office. I recommended they check/query many aspects but the decisions were all made before I relally got in the loop. Consultans aren't always (probably hardly ever) listened to and are often fetched in to troubleshoot things once their initial recommendations are ignored, when they get into a real mess, and a business is standing. My personal view is that Unix comapny are cowboys but as I said there are only a handful of competitors in this specific field of legal software so they really have little or no choice (I understand from recent info that their competiors software is even worse) For the most obvious legal reasons I can't name and shame.
I guess no one checked package manager of Distro. Good distros have all the linux native browser plugins in there if the direct install is disabled. No need to go to su directly.
The plugin provider provided only a GZ package (for Firefox as I recall?) with installation instructions and scripts and an apology. Thats no good from my point of view unless anyone thinks that providing "on call" IT support with a strict SLA to friends and family is a really fun thing to do (I don't so I don't recommend Linux - yet!). The only other alternative to anyone I reommend Linux to is that I go help them set up, install all the plugins they ever need then promise faithfully to drop whatever important things I'm doing and go fix any future plugin isuses they have whilst browsing. I won't do that - even though I am sure you're aware that if you "know computers" friends think nothing of ringing you at 2am to tell you their problems!!!. When all Linux plugins run 100% "script free" with zero manual intervention I might recommend Linux as a browser app but certainly not yet. Its just not ready yet. 2am IT support phone calls are not something I enjoy :(
The thing that annoys me most about Windows is I don't have the tools to lock bad applications in jails so there damage is limited if I cannot remove them.
The only really bad apps I've found so far are software NAT firewalls which break Apache due to improper Winsock code rather than tramping over memory space (reqiuires Win32DisableAcceptEx). Not sure running in separate memory space would help there. Again, on balance of real world costs I'ts something I can live with on a personal computer or which can be fixed by external FW on a corporate PC. I cannot remember since the days of Win9x the last time I ever had an application program BSOD on me by running rampant thru memory space. The worst I see nowadays (2 weeks ago) are apps which install cruddy drivers which make the system unstable. A problem Linux would also be subject to if cowboy driver-authors made major faux-pas in their code - but I think I already made this point. (mobile phone connectivity software amongst the worst I've seen in recent months)

Windows XP has the option to run apps in separate memory space - just tick the box XPSP2- App Shorcut->Propeties->Advanced->Tick Run in separate memory space (default). There's no excuse for not having SP2 - my mum can even install it - and they'll even post you a free CDROM. You can also run with different (lower) credentials. When I find an app which I desperately need to use which causes also reall world problems on Win2k I'll worry about it then. DEP is another issue which Steve Gibson is campaigning on at GRC.COM and is "doable" but obviously not deemed critical enough yet for MS to worry about enabling it. Fingers crossed for the ROS team enabling DEP!. :)

My only major headaches are no cash, a hard drive on it's last legs and failing and my commercial firewall/router box (which probably runs embedded Linux) locking up at weekly intervals!.

IMHO Windows gets the blame in terms of reliability for a hell of a lot of hardware-related faults. I've gone thru about $400 of CPU and motherboards in the last 3 years and have found some new kit to be no more reliable than old secondhand stuff. I've put some of this down to unstable mains supply and have had to install surge protectors throughout the house. Although I am big fan of AMD I've found Semperons to be less than reliable and when they blow they've taken out the motherboard which in turn has fried components. (No I dont overclock either!) A faulty removable disk-caddy was the cause of an endless series of BSODs and strange eventlog errors which, once removed has resulted in much more stability. I wouldn't blame Windows for any of this but I've met plenty of people who would!. I'm now running on cheap/free secondhand parts and if they fail who cares?. As a side issue the same problems arose at this site where eventually a PSU was fried when large HP industrial motors from cleaning equipment were used on the same mains power-circuit. This was initially blamed by the company as a problem with Windows until I let them smell the roast PSU !!

I'm sure that with full awareness of these issues the ROS developers will looking to make ROS a great open replacement for Windows and I'm quite prepared to wait a while for ROS than be frustrated with Linux or recommend Linux to friends or companies and have my phone ringing "off the hook" 24/7. That may seem selfish but I do have a life and lots of things I need to do myself. ;)

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

Lot of new user distro's find and locate and add installers to the those gz files so the package manager can do it. The maker of the plugin provides one way the Distro maker provides another. This of course is a distro thing.

Separate Memory Space is not a JAIL. Lower credentials is not a JAIL. These are only like parts. Not what is required to have a complete jail.

JAIL provides full control over API access, Kernel access, Network access, Memory access and Disk access the application has. Handy if something has a security hole that you have to use. If application does get hit damage is really restricted to the functions and areas the application would normally use. Even can be used in a preventive job on servers.

Most kernel drivers in Linux are Open Source and maintained under the controls in place in the kernel development tree.. ATI and NVIDIA drivers are the about the most common two that are closed source on linux and a kernel driver. And the most complained about. Now going as far as reverse engineering Nvidia's into open source at moment. Printer Scanner Phones... are all software level. Most of these have a Open Source competion.

Please be careful before thinking because box is embed that its Linux. If its Linux the source code will be download able somewhere and normal a GPL license bit of paper came with the router.. There are many OSs that can be embeded in a commercial firewall/router box. Some of these are poor hardware failures too.

My reliability problems are not caused by hardware to my customer base. Its spyware and other junk. All my computers on unstable power have UPS's. Surge Protectors are useless on computers. You need a power filter at a min. Also there are such things as too cheep power supplies. This don't cut power when told to wires going to motherboard or drives.

Different to common understanding. Most Computer power supplies handle surges perfectly. It is the power dips that kill a computer in most cases.

stib
Posts: 4
Joined: Wed Feb 21, 2007 4:54 am

Post by stib »

Lightwave 3d and other animation software, Adobe apps: they're the biggest reason I don't run linux all the time. (yes I know, Gimp Jahshaka, Blender etc, sorry, but not quite at a professional level yet, though I'm keeping my eye on them).

ReactOS would have to be pretty stable to do paid work on though, I'm guessing not for a few years..

Z98
Release Engineer
Posts: 3379
Joined: Tue May 02, 2006 8:16 pm
Contact:

Post by Z98 »

People keep putting up things like Blender and Gimp as replacements for the like of Photoshop and 3DS Max/Maya. But they aren't replacements, and when issues, missing features, and problems are brought up, those same people get defensive. They need to actually make those products match functionality fully before they start shooting off their mouths.

oiaohm
Posts: 1322
Joined: Sun Dec 12, 2004 8:40 am

Post by oiaohm »

There is no perfect image editing or 3d tool.

Blender is better at some things compared to 3d max. That is the problem.

I know I have endup using all 4 3d max, blender, gimp and photoshop.

Thing most people don't know is with verse they merge all into one giant tool of hell.

Point is they are replacement for some users. And part of a supertool. Until you have used them combined you don't know how weak each is alone. Basicly I want features of gimp in photoshop and features of photoshop in gimp. Same with 3d max and Blender.

stib
Posts: 4
Joined: Wed Feb 21, 2007 4:54 am

Post by stib »

Blender does fantastic liquids, I use it as a de-facto plugin for lightwave (which does crap liquids).

Jahshaka would have to be the worst at overhyping software that is really not ready for production. If you look at their web page it looks like it can do everything including making coffee, but it seriously fails to live up to the hype.

I liked the way the react BSOD was on the screenshots page. Keeping it honest is good.

Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot] and 1 guest