Just to note: these companies control infrastructure (cloud, app stores, platforms, hardware certification, etc.). That’s a form of structural power, independent of whether the services are useful. People can disagree about how concerning that is, but it’s not accurate to say there’s no power dynamic here.
15 years back people were given Windows macOS and Linux and people voted which OS were ready for the Desktop and which were not. The only BS is your inflammatory contribution to this topic.
Nope, Macs were expensive stuff games did not run on, and linux was just not pushed by near anyone.
It was not a war "which desktop is easier to use", it was "which system can run stuff I need". And if "the need" was "video games and office stuff", your only choice was windows.
they were not, they purchased what was in the stores, which was only windows. all the way from first windows to windows xp it was the biggest pile of shit imaginable. the average user wouldnt even have half a chance of installing it, and certainly couldnt use it with any kind of reasonableness, it was a giant mess, it was just the mess people were used to. Most people would throw out their computer and buy a new when windows became slow, because, of course it gradually becomes slower, makes perfect sense, no?
KDE from 15 years back was HUGELY better than windows at the time, and frankly, also windows now
> Unlike the Peter principle, the promoted individuals were not particularly good at any job they previously had, so awarding them a supervisory position is a way to remove them from the productive workflow.
> An earlier formulation of this effect was known as Putt's Law (1981), credited to the pseudonymous author Archibald Putt ("Technology is dominated by two types of people, those who understand what they do not manage and those who manage what they do not understand.").
And behind on a lot of stuff. The Microsoft's ACLs are nothing short of one of the best designed permission systems there are.
On the surface, they are as simple as Linux UOG/rwx stuff if you want it to be, but you can really, REALLY dive into the technology and apply super specific permissions.
The file permission system on Windows allows for super granular permissions, yes; administrating those permissions was a massive pain, especially on Windows file servers.
> The Microsoft's ACLs are nothing short of one of the best designed permission systems there are.
You have a hardened Windows 11 system. A critical application was brought forward from a Windows 10 box but it failed, probably a permissions issue somewhere. Debug it and get it working. You can not try to pass this off to the vendor, it is on you to fix it. Go.
Procmon.exe. Give me 2 minutes. You make it sound like it's such a difficult thing to do. It literally will not take me more than 2 minutes to tell you exactly where the permission issue is and how to fix it.
Procmon won't show you every type of resource access. Even when it does, it won't tell you which entity in the resource chain caused the issue.
And then you get security product who have the fun idea of removing privileges when a program creates a handle (I'm not joking, that's a thing some products do). So when you open a file with write access, and then try to write to the file, you end up with permission errors durig the write (and not the open) and end up debugging for hours on end only to discover that some shitty security product is doing stupid stuff...
Granted, thats not related to ACLs. But for every OK idea microsoft had, they have dozen of terrible ideas that make the whole system horrible.
Especially when the permission issue is up the chain from the application. Sure it is allowed to access that subkey, but not the great great grandparent key.
While that's true, linux _tends_ to follow the rules a bit better, and not change how APIs work from under your feets. For instance on Linux, permission checks are done when you open a handle. An LSM like SELinux can only allow or deny your rights to open the handle at the permission level you requested, that's it. It cannot allow the handle to be opened, but with less privileges than requested, nor can it do permission check at operation time. So once your open is successful, you can be pretty sure that you've cleared the permission checks bar, and are good to go.
This makes writing robust code under those systems a lot easier, which in turns makes debugging things when it goes wrong nicer. Now, I'm not going to say debugging those systems is great - SELinux errors are still an inscrutable mess and writing SELinux policy is fairly painful.
But there is real value in limiting where errors can crop up, and how they can happen.
Of course, there is stuff like FUSE that can throw a wrench into this: instead of an LSM, a linux security product could write their own FS overlay to do these kind of shenanigans. But those seem to be extremely rare on Linux, whereas they're very commonplace on Windows - mostly because MS doesn't provide the necessary tools to properly write security modules, so everyone's just winging it.
At this point you're just arguing for the sake of bashing on Microsoft. You said it yourself, that's not related to ACL, so what are you doing, mate? This is not healthy foundation for a constructive discussion.
Do you have any favorite docs or blogs on these? Reading about one of the best designed permissions systems sounds like a fun way to spend an afternoon ;)
And yet, it requires kernel extension anti-cheat to stop a game mod from reading and writing memory locations in a running process. It’s a toy operating system if it can’t even prevent that. It’s why corporate machines are so locked down. Then there is the fact video drivers run in ring 0 and are allowed to phone home… but hey you can prevent notepad++ from running FTW.
ACLs in Linux were tacked on later; not everything supports them properly. They were built into Windows NT from the start and are used consistently across kernel and userspace, making them far more useful in practice.
Also, as far as I know Linux doesn't support DENY ACLs, which Windows does.
Some of us can! I certainly enjoy doing it, and according to "man 5 acl" what you assert is completely false. Unless you have a particular commit or document from kernel.org you had in mind?
See 6.2.1 of RFC8881, where NFSv4 ACLs are described. They are quite similar to Windows ACLs.
Here is kernel dev telling they are against adding NFSv4 ACL implementation. The relevant RichAcls patch never got merged: https://lkml.org/lkml/2016/3/15/52
I see what I misunderstood, even in the presence of an ALLOW entry, a DENY entry would prohibit access. I am familiar with that on the Windows side but haven't really dug into Linux ACLs. The ACCESS CHECK ALGORITHM[1] section of the acl(5) man page was pretty clear, I think.
Haha, sure. Sorry, it's not you, it's the ACLs (and me nerves). Have you tried configuring NFSv4 ACLs on Linux? Because kernel devs are against supporting them, you either use some other OS or have all sorts of "fun". Also, not to be confused with all sorts of LSM based ACLs... Linux has ACLs in the most ridiculous way imaginable...
Oh yeah for sure. Linux is amazing in a computer science sense, but it still can't beat Windows' vertically integrated registry/GPO based permissions system. Group/Local Policy especially, since it's effectively a zero coding required system.
Ubuntu just recently got a way to automate its installer (recently being during covid). I think you can do the same on RHEL too. But that's largely it on Linux right now. If you need to admin 10,000+ computers, Windows is still the king.
Debian (and thus Ubuntu) has full support for automated installs since the 90's. It's built into `dpkg` since forever. That include saving or generating answer to install time questions, PXE deployment, ghosting, CloudInit and everything. Then stuff like Ansible/Puppet have been automating deployment for a long time too. They might have added yet another way of doing it, but full stack deployment automation has been there for as long as Ubuntu existed.
> Ubuntu just recently got a way to automate its installer (recently being during covid). I think you can do the same on RHEL too. But that's largely it on Linux right now. If you need to admin 10,000+ computers, Windows is still the king.
1. cloud-init support was in RHEL 7.2 which released November 19, 2015. A decade ago.
2. Checking on Ubuntu, it looks like it was supported in Ubuntu 18.04 LTS in April 2018.
3. For admining tens of thousands of servers, if you're in the RHEL ecosystem you use Satellite and it's ansible integration. That's also been going on for... about a decade. You don't need much integration though other than a host list of names and IPs.
There are a lot of people on this list handling tens of thousands or hundreds of thousands of linux servers a day (probably a few in the millions).
> Ubuntu just recently got a way to automate its installer (recently being during covid). I think you can do the same on RHEL too. But that's largely it on Linux right now. If you need to admin 10,000+ computers, Windows is still the king.
What?! I was doing kickstart on Red Hat (want called Enterprise Linux back then) at my job 25 years ago, I believe we were using floppies for that.
Yeah, I have been working on the RHEL and Fedora installer since 2013 and already back then it had a long history almost lost to time - the git history goes all the way back to 1999 (the history was imported from CVS, as it predates Git) and that actually only cover the first graphical interface - it had automated installation support via kickstart and a text interface long before that, but the commit history has been apparently lost. And there seems to have been even some earlier distict installer before Anaconda, that likely also supported some sort of automated install.
BTW, we managed to get the earlies history of the project written down here by one of the earliest contributors for anyone who might be interested:
Note how some commands were introduced way back in the single digit Fedora/Fedora Core age - that was from about 2003 to 2008. Latest Fedora is Fedora 43. :)
Not an implementer of group policy, more of a consumer. There are 2 things that I find extremely problematic about them in practice.
- There does not seem to be a way to determine which machines in the fleet have successfully applied. If you need a policy to be active before doing deployment of something (via a different method), or things break, what do you do?
- I’ve had far too many major incidents that were the result of unexpected interactions between group policy and production deployments.
That's not a problem with group policy. You're just complaining that GPO is not omnipotent. That's out of scope for group policies mate. You win, yeah yeah.... Bye
"known" is the wrong word. Laymen know a lot of things, like ingesting lead, radium, mercury and arsenic. Up until a couple of years ago, people "knew" that one glass of wine a day was healthy, when infact every drop is poisonous to the body.
In reverse, people thought (and too many still "know") that MSG and pasteurization is bad.
Don't use the word know, when in fact you mean "assume".
Is MSG not bad for you in the way aspartame is not bad for you? I totally get that MSG is naturally present in dashi but the chemistry of dashi (a very messy and complex mix of substances) vs purified msg is going to be different, and the concentrations the japanese consume food containing dashi are very different to the way UPFs and chinese restaurants gratuitously smother your food in it. MSG is to many cuisines what butter is to western cuisine (ie moar is always bettah)
There’s no evidence linking MSG specifically with any chronic health issues and little reason to suspect there would be in healthy people at the quantities generally consumed. Funnily enough many people who are wary of MSG and try to avoid it would be better off looking at their sodium intake, which we know for sure has long term health risks.
I am someone who is sensitive to MSG and the new substitutes they put in food to replace it.
It is not "dangerous", and I think that is the problem with the messaging, but it does increase my anxiety, insomnia and fibromyalgia symptoms. And I also thing for most people it is fine, but it certainly does not work with my family's genetics. My mother had the same issue.
Many things in food now replace MSG. Any time you see a protein isolate, what they are isolating is the glutamate. Malted Barley Flour also contains high levels of glutamate and purines (like inosine) that work synergisticly with it to enhance flavor.
Glutamate is an excitatory neurotransmitter, and it makes your taste buds more "excited". My mouth tastes like metal whenever I have foods with glutamate. It is not pleasant for me at all.
Well it seems pretty accepted that refined sugar is worse for you than consuming sugars locked up in fibrous fruits. From a similar intuition glutamates locked up in natural sources probably has a different bioavailability profile to refined MSG, incidental sodium intake notwithstanding.
In any case, everyone is different and catchall health advice lacks nuance. I have to very consciously consume more and more salt because I habitually cut it out to the point that I now suffer from hyponatremia especially as I exercise and sweat bucket loads.
salt was always advised to be limited, especially for those with high blood pressure. This hasn't changed, there are just vocal diet ideologues (mostly carnivore/keto) that are trying to post-hoc rationalize otherwise.
Everybody is sodium sensitive, it’s a basic fact that your body retains additional fluids if you increase your sodium intake, just talk to some bodybuilders. Chronic long term exposure to a high sodium diet is a risk factor for all sorts of issues because of this basic fact of biology. Way more so than MSG or even artificial sweeteners. But people focus on the wrong thing.
My understanding is that most people's blood pressure does not increase in response to dietary sodium, which is the sensitivity described in this context.
MSG is very safe in normal quantities with a similar safety profile to salt. You can drink MSG water to kill yourself but it’d be like drinking a gallon of seawater. It’s monosodium glutamate. Monosodium as in NaCl (table salt) and glutamate as in the amino acid and neurotransmitter. Once they disassociate in water, they’re both some of the most basic molecules used by all life, including for protein production.
A glass of wine a day is within epsilon of the most healthy possible option. You're making this out as if this is a big shift, but it isn't. There are just huge error bars on the measurements relative to the effect of the intervention.
Ah yes. American Prisons prioritizing punishment over resocialising is the reason why criminals so often continue to hurt society after they have been released.
Then we have people who demand to double down on the punishment and wonder why these people never stop breaking the law.
Americans are a marvelous bunch. Thanks Dog I live in a first world country.
... yet, you did it anyway, without going into detail or providing any clue where these violations (as you claim) are.
If there's any substance to what you say, provide some details and proof, so it can be a constructive discussion, rather than just noise.
reply