Subj : Re: Windows Managers/Linspire-Lindows To : alt.linux,alt.os.linux,alt.os.linux.redhat,comp.os.linux,comp.os.linux.help From : rodsmith Date : Tue Jul 27 2004 10:44 pm In article , technomaNge writes: > > Rod Smith wrote: > > > Interesting. I installed the 4.5 >> developer's edition. What's yours? > > Version 4.5, but I don't think it was the developer version as I don't > do development. I'm just a user. Neither am I; I just ran across a promotion for this version which worked out to be free, so I decided I might as well check it out. >> In any event, if this capability is in current versions of >> Lindows/Linspire, I'll moderate my criticism of it. Still, the fact that >> the default is to do everything as root is, IMHO, unforgivable -- just not >> quite AS unforgivable as delivering a Linux system with no option to >> create user accounts. > > You didn't understand. This version was designed to be as much like > Windows as possible and so root is in control unless you create a user. > Just like XP. This means a Windows_idiot can install it and use it > without having to learn all that hard linux stuff. I *DO* understand; I just think that making Linux work like Windows in this respect is an unforgivable mistake. Linux was designed from the ground up as a multi-user OS, and many of Linux's security features rely on user accounts. Trying to make Linux act like a single-user OS by giving a single root login by default may make it seem more friendly at first, but it opens up a whole world of potential security problems. This is bad enough on a few isolated systems, but if by some chance Lindows/Linspire (or any other distribution built in the same way) became popular, it'd be a disaster, because it would make it far easier for virus writers, crackers, etc., to take over systems. > Users with a clue will learn enough to know they must create a user with > less priviledges and use that for everything except admin. > > Users without a clue will think they are using Windows, and will be as > vulnerable as root always is. I sincerely hope that users with enough of a clue to know they'd need to take the non-obvious steps needed to create user accounts will not, by and large, want to use something with such a huge security problem in its design. This design flaw drives my level of trust in the design down to 0. As to others, you're quite right; the system is vulnerable. Hence, when discussing it, I can't recommend that those with less experience use it; at least with Fedora, SuSE, Xandros, etc., users are prompted to create user accounts at the start. It's a bit more of a shift for them, but not much, and it's a lot safer. >> Are you saying the programs themselves can only be run by root???? If so, >> that's hideous. > > No, I'm saying that if you jump the gun and install something as root > instead of user then only root can run that something. Ask me how I > know (BIG grin). In other words, the programs themselves can only be run by root, at least if they're installed by root. I repeat: That's hideous. > Since I've forgotten your earlier posts, what Linux are you using? A variety. Currently I've got Gentoo as my primary desktop, with a SuSE server. I've also got systems with Debian, Mandrake, Fedora, Slackware, and Xandros installed. (I write about Linux for a living, so having a wide variety available is very helpful to me.) > How do you like knews? I always had trouble getting it to look and > feel like I wanted. Now I just use Mozilla for mail/news. I like knews because it does the best job of handling threads I've seen, and because it doesn't clutter its window too much (the article list replaces the newsgroup list, which minimizes clutter). Others all strike me as being awkward in these respects, although they've got more and better features in some other ways. -- Rod Smith, rodsmith@rodsbooks.com http://www.rodsbooks.com Author of books on Linux, FreeBSD, and networking .