Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Love it!
"time to set MS on fire!"
On Tue, 20 Jul 2004 10:09:09 +0100 kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Excellent! Has anyone in the LUG actually tried this product yet?
Cheers, Laurie.
On Tue, Jul 20, 2004 at 11:27:22AM +0100, Laurie Brown wrote:
kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Excellent! Has anyone in the LUG actually tried this product yet?
I have mainly heard bad things about it, mostly the "everything runs as root after the install"
They have this to say on the subject http://info.linspire.com/askmichael/question9.htm
So basically the default install leaves you in a similar state to a default install of a Microsoft desktop OS and we know how well the average user takes steps to lock their machine down, don't we :-/
Adam
On Tue, Jul 20, 2004 at 11:56:37AM +0100, adam@thebowery.co.uk wrote:
On Tue, Jul 20, 2004 at 11:27:22AM +0100, Laurie Brown wrote:
kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Excellent! Has anyone in the LUG actually tried this product yet?
I have mainly heard bad things about it, mostly the "everything runs as root after the install"
They have this to say on the subject http://info.linspire.com/askmichael/question9.htm
So basically the default install leaves you in a similar state to a default install of a Microsoft desktop OS and we know how well the average user takes steps to lock their machine down, don't we :-/
*EWWW*. Why can't they do something more akin to knoppix, which though sick and wrong, at least doesn't run all the system as root but instead as the Knoppix user, who then has sudo access (with no password) to root. Cleaner, would give lindows as much flexibility and would mean that netscape and other things work (that check that they're not being run by UID=0...) does this mean that the lindows lot hacked lots of the software to stop that from being an issue?
*Truly appalled by the idea of everything running as root*
On Tue, Jul 20, 2004 at 01:43:30PM +0100, Brett Parker wrote:
*EWWW*. Why can't they do something more akin to knoppix, which though sick and wrong, at least doesn't run all the system as root but instead as the Knoppix user, who then has sudo access (with no password) to root. Cleaner, would give lindows as much flexibility and would mean that netscape and other things work (that check that they're not being run by UID=0...) does this mean that the lindows lot hacked lots of the software to stop that from being an issue?
*Truly appalled by the idea of everything running as root*
yup, <AOL>
What I don't understand is why (some people will probably be horrified at my suggestion now) is that these desktop newbie centered distros don't generate a secure password (why not perhaps 4 or 5 and let you choose one of them with a single click of the mouse?) when you install and display it on screen and then print a message saying "this is your root password, write it down and keep it in a very safe place. You will need this password to maintain your machine and if you allow anyone else to know this password then they could break into your machine and access your data" (or something similar) and just ask for this password when running package installers and configuration options etc.
Then at around the same time you can force them to create a normal user account (ok, this is for a bit of desktop software aimed at the desktop, I am not advocating this approach for all distros) and suggest a few secure passwords at them?
Adam
On Tue, 2004-07-20 at 13:56, adam@thebowery.co.uk wrote:
What I don't understand is why (some people will probably be horrified at my suggestion now) is that these desktop newbie centered distros don't generate a secure password (why not perhaps 4 or 5 and let you choose one of them with a single click of the mouse?) when you install and display it on screen and then print a message saying "this is your root password, write it down and keep it in a very safe place. You will need this password to maintain your machine and if you allow anyone else to know this password then they could break into your machine and access your data" (or something similar) and just ask for this password when running package installers and configuration options etc.
This makes sence for a home user distro but maybe they would loose the password, i guess there is no good way around that.
Then at around the same time you can force them to create a normal user account (ok, this is for a bit of desktop software aimed at the desktop, I am not advocating this approach for all distros) and suggest a few secure passwords at them?
The idea of a normal user being auto created by the installer makes sense to me. If the user name was based on some information the user gave at install time(like name) i don't see what security problems this would bring.
Why should a home user need a password to login to there own machine? I understand the need for security on a public use machine that has more then one user account or on a machine that allows remote logins but does a simple home user need multiple accounts or remote logins? I wouldn't think this was good for a normal distribution but for a home use distro it makes sense.
Dennis
On Tue, Jul 20, 2004 at 04:21:33PM +0100, Dennis Dryden wrote:
On Tue, 2004-07-20 at 13:56, adam@thebowery.co.uk wrote:
What I don't understand is why (some people will probably be horrified at my suggestion now) is that these desktop newbie centered distros don't generate a secure password (why not perhaps 4 or 5 and let you choose one of them with a single click of the mouse?) when you install and display it on screen and then print a message saying "this is your root password, write it down and keep it in a very safe place. You will need this password to maintain your machine and if you allow anyone else to know this password then they could break into your machine and access your data" (or something similar) and just ask for this password when running package installers and configuration options etc.
This makes sence for a home user distro but maybe they would loose the password, i guess there is no good way around that.
Then at around the same time you can force them to create a normal user account (ok, this is for a bit of desktop software aimed at the desktop, I am not advocating this approach for all distros) and suggest a few secure passwords at them?
The idea of a normal user being auto created by the installer makes sense to me. If the user name was based on some information the user gave at install time(like name) i don't see what security problems this would bring.
Why should a home user need a password to login to there own machine? I understand the need for security on a public use machine that has more then one user account or on a machine that allows remote logins but does a simple home user need multiple accounts or remote logins? I wouldn't think this was good for a normal distribution but for a home use distro it makes sense.
*points at knoppix some more* - look, a normal user running, and no password hastle... *NO ONE* should run the desktop as root, it's in itself a security risk. Run things with as little privileges as possible, as often as possible, rather than someone finding a hole in the program you use daily, acquire the privileges of the user it's running as (so, root), and trash the system... Hey, you know why windows is so prone to viruses? It's because stuff runs at high privilege levels for no reason what so ever (and buggy coding, but hey). For a desktop distribution it'd be good to give the users a chioce of security levels, from not requiring a password and auto magically logging in the default user to requiring a password. Hey, look, win2k could do that, we were doing it with a "web terminal" when I was working for the student union at UEA. It's not a new idea, and it works.
Anyways - how often do you install software and so require root privileges? or need to configure the network card? how many just plain desktop users actually *need* root access for anything bar installing software?
Just my thoughts,
On Tue, Jul 20, 2004 at 04:21:33PM +0100, Dennis Dryden wrote:
Why should a home user need a password to login to there own machine? I understand the need for security on a public use machine that has more then one user account or on a machine that allows remote logins but does a simple home user need multiple accounts or remote logins? I wouldn't think this was good for a normal distribution but for a home use distro it makes sense.
Ok, Imagine a scenario, you share a machine with your brother and you each have a login "dennis" and "john" both of these accounts have no password. Now john is visits a website and unknown to him the web browser he is running has a security hole and the remote website sends some data to your machine which exploits this security hole.
Now, it deletes all of his data, but because the exploit is clever it also checks for other users and knowing that they don't have passwords deletes their data also. It is also a good idea to get people into the habit of using decent password and you never know when something somewhere will have a security exploit that causes people to be able to break into your machine. Just because you don't have remote logins setup doesn't mean people can't get exploit some other bit of software to give them a shell, it could be that they exploit the webserver and manage to get a shell, but hopefully that webserver will only allow them some very unprivileged access to the system as the user the webserver was running as. If you then have a shell and accounts with no password you can circumvent them to give you more access to the system (and once I am running as you I pop up a box when you login saying "please enter the root password for system maintenance" and then use your machine to attack+infect other machines etc. etc.
Adam
On 20 Jul 2004, at 10:09, kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Possibly the _worse_ thing I have ever seen on the web...
Craig
On Tue, Jul 20, 2004 at 01:51:01PM +0100, Craig wrote:
On 20 Jul 2004, at 10:09, kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Possibly the _worse_ thing I have ever seen on the web... Craig
Worse than "Badger, Badger, Badger, Badger" or Steve Balmer shouting "Developers! Developers! Developers! Developers! ... " ?
Yeah, that's probably why it's so adorably funny.
Hope they aren't/weren't planning to use it seriously!
On Tue, 20 Jul 2004 13:51:01 +0100 Craig c@wizball.co.uk wrote:
On 20 Jul 2004, at 10:09, kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
Possibly the _worse_ thing I have ever seen on the web...
Craig
main@lists.alug.org.uk http://www.alug.org.uk/ http://lists.alug.org.uk/mailman/listinfo/main Unsubscribe? See message headers or the web site above!
On Tue, 20 Jul 2004 kpwatson@pop3.ukfsn.org wrote:
Gotta see and hear this; http://www.linspire.com/RunLinspireFlash.php
What a delicious irony that proprietary software is needed to see it. I'll have a look when I get to a box that has Flash.
-
adam@thebowery.co.uk -
Brett Parker -
Craig -
Dan Hatton -
Dennis Dryden -
kpwatson@pop3.ukfsn.org -
Laurie Brown -
Stechjo -
Tim Green